Use of PEB information

The Process Environment Block (PEB) contains useful information about the running process: the list of modules loaded into the process, the chain of Structured Exception Handlers (SEH), and even the program's command-line parameters. Instead of calling API functions such as GetCommandLine and IsDebuggerPresent, this obfuscation technique reads the same information directly from the PEB, so the analyst never sees the revealing API call.

For instance, the IsDebuggerPresent API consists of little more than the following code. Used on its own, it leaves a value of 1 or 0 in the EAX register. On 32-bit Windows the FS segment register points to the Thread Information Block (TIB), where the pointer to the PEB is stored at offset 30h. The code shows that the debug flag (BeingDebugged) is found at offset 2 of the PEB.

mov eax, large fs:30h           ; TIB/TEB + 30h holds the pointer to the PEB
movzx eax, byte ptr [eax+2]     ; PEB + 2 is the BeingDebugged byte (1 = debugger attached)
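As an added example (not code from the book), the scanner below shows how an analyst can recognise the pattern just described in raw code bytes: a load of the PEB pointer from FS:[30h] followed by a byte access at offset 2 of that pointer. Samples that read the flag this way never import IsDebuggerPresent, so the import table is silent and a byte-level heuristic like this is what catches them. The instruction encodings are standard x86; the sample byte strings and the function names are constructed for the demonstration.

```python
"""Added example, not code from the book: a static scanner that flags x86 code
reading PEB->BeingDebugged directly via FS:[30h], the pattern described in the
text, instead of importing IsDebuggerPresent.  All sample bytes below are
constructed for the demonstration."""

REG_NAMES = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Instruction encodings that load the PEB pointer from the TIB (FS:[30h]).
# 64 A1 30 00 00 00      mov eax, large fs:30h   (moffs32 form, as IDA shows it)
# 64 8B /r 30 00 00 00   mov r32, fs:[30h]       (ModRM disp32 form, r32 in /r)
PEB_LOADS = [(b"\x64\xa1\x30\x00\x00\x00", 0)]
PEB_LOADS += [
    (b"\x64\x8b" + bytes([0x05 | (r << 3)]) + b"\x30\x00\x00\x00", r)
    for r in range(8)
    if r != 4  # esp as base needs a SIB byte on the access side; not handled here
]


def _find_offset2_access(chunk: bytes, reg: int):
    """Return (index, description) of the first byte access at [reg+2]
    in chunk, or None.  Offset 2 of the PEB is BeingDebugged."""
    for i in range(len(chunk)):
        b0 = chunk[i]
        # 0F B6 /r disp8    movzx r32, byte ptr [reg+2]
        if b0 == 0x0F and i + 3 < len(chunk) and chunk[i + 1] == 0xB6:
            modrm = chunk[i + 2]
            if (modrm & 0xC7) == (0x40 | reg) and chunk[i + 3] == 0x02:
                return i, "movzx r32, byte ptr [%s+2]" % REG_NAMES[reg]
        # 8A /r disp8       mov r8, byte ptr [reg+2]
        if b0 == 0x8A and i + 2 < len(chunk):
            modrm = chunk[i + 1]
            if (modrm & 0xC7) == (0x40 | reg) and chunk[i + 2] == 0x02:
                return i, "mov r8, byte ptr [%s+2]" % REG_NAMES[reg]
        # 80 /7 disp8 ib    cmp byte ptr [reg+2], imm8
        if b0 == 0x80 and i + 3 < len(chunk):
            if chunk[i + 1] == (0x78 | reg) and chunk[i + 2] == 0x02:
                return i, "cmp byte ptr [%s+2], %d" % (REG_NAMES[reg], chunk[i + 3])
    return None


def find_peb_beingdebugged_reads(code: bytes, window: int = 16) -> list:
    """Scan raw code bytes; report each PEB load that is followed within
    `window` bytes by a byte access at offset 2 of the loaded pointer."""
    hits = []
    for offset in range(len(code)):
        for pattern, reg in PEB_LOADS:
            if not code.startswith(pattern, offset):
                continue
            start = offset + len(pattern)
            access = _find_offset2_access(code[start:start + window], reg)
            if access is not None:
                rel, text = access
                hits.append({
                    "offset": offset,
                    "reg": REG_NAMES[reg],
                    "access_offset": start + rel,
                    "access": text,
                })
    return hits


# Constructed samples.  The first is the IsDebuggerPresent body from the text
# plus a ret; the second uses a different register and a plain byte move; the
# third loads the PEB but reads offset 0Ch (PEB->Ldr), which must not be flagged.
SAMPLE_ISDEBUGGERPRESENT = bytes.fromhex("64a130000000 0fb64002 c3")
SAMPLE_VARIANT = bytes.fromhex("648b0d30000000 8a4102 c3")
SAMPLE_BENIGN = bytes.fromhex("64a130000000 8b400c c3")

if __name__ == "__main__":
    blob = b"\x90" * 5 + SAMPLE_ISDEBUGGERPRESENT + SAMPLE_VARIANT + SAMPLE_BENIGN
    for hit in find_peb_beingdebugged_reads(blob):
        print("PEB load at 0x%x into %s, BeingDebugged read at 0x%x: %s"
              % (hit["offset"], hit["reg"], hit["access_offset"], hit["access"]))
```

The scanner only follows the FS:[30h] route and the three access forms listed in the comments; code that reaches the PEB through the TIB self pointer (FS:[18h] and then +30h), computes the offset at runtime, or spills the pointer to the stack first will not be matched, so treat a hit as a triage lead rather than a verdict, and a miss as nothing more than the absence of this one pattern.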

There are many ways to implement obfuscation; the approach depends on the creativity of the developer. As long as the goal of concealing the obvious is met, it makes the binary harder for reverse engineers to analyze. A better understanding of the various obfuscation techniques definitely helps us work through complicated code during reversing.
