The information that the system uses to determine how to create heap structures is stored at an undocumented location in the PEB at offset 0x68. If the value at this location is 0x70, we know that we are running in a debugger.

The NtGlobalFlag field of the Process Environment Block (0x68 offset on 32-Bit and 0xBC on …