Examples Update

src/Examples/Program.cs

@@ -10,39 +10,47 @@ internal class Program
 
         private static void Main()
         {
+            Console.WriteLine($"HookDetector.NET Version: {HookDetector.Version}\n");
             Console.WriteLine("Executing Example1");
-            Console.ForegroundColor = ConsoleColor.Yellow;
             Example1();
-            Console.ResetColor();
+
             Console.WriteLine("\nExecuting Example2");
-            Console.ForegroundColor = ConsoleColor.Yellow;
             Example2();
+
             Console.ResetColor();
             Console.ReadKey();
         }
 
         private static void Example1()
         {
+            Console.ForegroundColor = ConsoleColor.Yellow;
             Console.WriteLine($"IsDebuggerPresent (not hooked) = {IsDebuggerPresent()}");
             var hookDetector = new HookDetector("kernel32.dll");
             var isHooked = hookDetector.IsHooked("IsDebuggerPresent");
-            Console.WriteLine($"is Kernel32.IsDebuggerPresent hooked? {isHooked}");
+            Console.WriteLine($"is Kernel32.IsDebuggerPresent hooked = {isHooked}");
+            Console.ResetColor();
         }
 
         private static void Example2()
         {
-            byte[] hook = {0xB8, 0x00, 0x00, 0x00, 0x00, 0xC3};
+            byte[] hook =
+            {
+                0xB8, 0x00, 0x00, 0x00, 0x00,   // mov eax, 0(false)
+                0xC3                            // ret
+            };
             var addr = GetProcAddress(LoadLibrary("kernel32.dll"), "IsDebuggerPresent");
-
-            VirtualProtectEx(Process.GetCurrentProcess().Handle, addr, (UIntPtr) 1, 0x40, out var oldp);
+            Console.ForegroundColor = ConsoleColor.Yellow;
+            Console.WriteLine("Hooking IsDebuggerPresent...");
+            VirtualProtectEx(Process.GetCurrentProcess().Handle, addr, (UIntPtr)1, 0x40, out var oldp);
             WriteProcessMemory(Process.GetCurrentProcess().Handle, addr, hook, 6, out _);
-            VirtualProtectEx(Process.GetCurrentProcess().Handle, addr, (UIntPtr) 1, oldp, out _);
+            VirtualProtectEx(Process.GetCurrentProcess().Handle, addr, (UIntPtr)1, oldp, out _);
 
             Console.WriteLine($"IsDebuggerPresent (Hooked to be always false) = {IsDebuggerPresent()}");
 
             var hookDetector = new HookDetector("kernel32.dll");
             var isHooked = hookDetector.IsHooked("IsDebuggerPresent");
-            Console.WriteLine($"is Kernel32.IsDebuggerPresent hooked? {isHooked}");
+            Console.WriteLine($"is Kernel32.IsDebuggerPresent hooked = {isHooked}");
+            Console.ResetColor();
         }
 
         [DllImport("kernel32.dll")]

src/HookDetector.NET/HookDetector.cs

@@ -6,6 +6,8 @@ namespace Hook_Detector
 {
     public class HookDetector
     {
+        public static readonly string Version = "1.0";
+
         public HookDetector(string moduleName, bool is32Bits = true)
         {
             this.ModuleName = moduleName;

src/HookDetector.NET/HookDetector.csproj

@@ -26,7 +26,7 @@
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
-    <DebugType>pdbonly</DebugType>
+    <DebugType>none</DebugType>
     <Optimize>true</Optimize>
     <OutputPath>bin\Release\</OutputPath>
     <DefineConstants>TRACE</DefineConstants>