7) ntdll!RtlGetNtGlobalFlags()

--------------------------------------------------------------------------
; Exported entry 604. RtlGetNtGlobalFlags

; __stdcall RtlGetNtGlobalFlags()
    public _RtlGetNtGlobalFlags@0
_RtlGetNtGlobalFlags@0 proc near
    mov eax, large fs:18h               ; +0x018 Self : Ptr32 _NT_TIB，指向_TEB
    mov eax, [eax+30h]                  ; +0x030 ProcessEnvironmentBlock : Ptr32 _PEB
    mov eax, [eax+68h]                  ; +0x068 NtGlobalFlag : Uint4B
    retn
_RtlGetNtGlobalFlags@0 endp
--------------------------------------------------------------------------

--------------------------------------------------------------------------
DWORD __stdcall RtlGetNtGlobalFlags ( void )
{
    /*
     * 就这么简单
     */
    return( _PEB.NtGlobalFlag );
}  /* end of RtlGetNtGlobalFlags */
--------------------------------------------------------------------------