You can look in pnluck's tutorial for:
- Hide NtGlobalFlag
- Hide ProcessHeapFlag
and also IsDebuggerPresent, due to its PEB and TEB patching.
But in my oepfind, when I just patch IsDebuggerPresent (PEB+2), it also patches 2 others; I don't know how with Olly, maybe they are necessary.
Control of BeingDebugged
004XXXXX MOV EAX,DWORD PTR FS:[30]     ; FS:[30] holds the PEB address
...
004XXXXX ADD EAX,2                     ; PEB+2 is the BeingDebugged byte
004XXXXX MOV EAX,DWORD PTR DS:[EAX]    ; AL is 0 (no debugger) or 1 (debugger present)
...
004XXXXX OR AL,AL
004XXXXX JE UnPackMe.004F2C67          ; jump taken when AL == 0 (no debugger)
Control of ProcessHeap
004XXXXX MOV EAX,DWORD PTR FS:[18]     ; FS:[18] holds the TEB address
... after some operations
004XXXXX MOV EAX,DWORD PTR [EAX+30]    ; TEB+0x30 holds the PEB address
... after some operations
004XXXXX MOV EAX,DWORD PTR [EAX+18]    ; PEB+0x18 holds the ProcessHeap address
004XXXXX CMP DWORD PTR DS:[EAX+10],0   ; heap+0x10 (ForceFlags) is 0 (no debugger) or non-zero (debugger present)
Control of NtGlobalFlag
004XXXXX MOV EAX,DWORD PTR FS:[30]     ; FS:[30] holds the PEB address
004XXXXX ADD EAX,8E4180C9
004XXXXX ADD EAX,71BE7F9F              ; 8E4180C9+71BE7F9F wraps to 0x68, so EAX = PEB+0x68: address of NtGlobalFlag
004XXXXX MOV EAX,DWORD PTR DS:[EAX]    ; NtGlobalFlag is 0x70 (debugger present) or 0
For ZwQuery you can look inside my oepfind.
For ProcessHeap, what I encountered when I tried to apply it to oepfind: on create_process you can't do it, because it doesn't exist yet, only when you are at the EP.
Another problem you will encounter is that on create_process only the exe and ntdll.dll are loaded; kernel32 and user32 load later, so you have to make the plugin or patch wait until it's loaded and then patch.
Last edited by Human; 01-24-2006 at 21:59.
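Added example, not code from the post or from the UnPackMe: the three PEB checks in the disassembly above replayed in C over a constructed 32-bit memory image, so it runs on any host without a real Windows PEB. The offsets (PEB+0x02, PEB+0x18, heap+0x10, PEB+0x68) and the 0x70 value are those given in the post (32-bit, XP-era layout); the PEB and heap addresses, the image contents, the 0x40000060 ForceFlags value and the hide_debugger()/demo_checks() helpers are assumptions made for this demo. It also shows why patching only PEB+2 is not enough: the heap and NtGlobalFlag checks still fire until those fields are zeroed too.

```c
/* Added example (not from the post): PEB anti-debug checks over a fake
 * 32-bit memory image. Little-endian host assumed for the DWORD loads. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE   0x1000u
#define PEB_ADDR   0x0100u   /* assumed location of the fake PEB in the image   */
#define HEAP_ADDR  0x0800u   /* assumed location of the fake _HEAP in the image */

/* Field offsets used by the UnPackMe's checks (32-bit XP-era layout) */
#define PEB_BEINGDEBUGGED  0x02u
#define PEB_PROCESSHEAP    0x18u
#define PEB_NTGLOBALFLAG   0x68u
#define HEAP_FORCEFLAGS    0x10u

/* Values a debugger-created process shows */
#define NTGLOBALFLAG_DEBUG     0x70u        /* TAIL_CHECK | FREE_CHECK | VALIDATE_PARAMETERS */
#define HEAP_FORCEFLAGS_DEBUG  0x40000060u  /* assumed typical ForceFlags value under a debugger */

typedef struct { uint8_t bytes[MEM_SIZE]; } Image;

/* 32-bit loads/stores; "addr" is an offset into the fake address space */
static uint32_t rd32(const Image *m, uint32_t addr) {
    uint32_t v = 0;
    if (addr <= MEM_SIZE - 4) memcpy(&v, m->bytes + addr, sizeof v);
    return v;
}
static void wr32(Image *m, uint32_t addr, uint32_t v) {
    if (addr <= MEM_SIZE - 4) memcpy(m->bytes + addr, &v, sizeof v);
}

/* MOV EAX,FS:[30] / ADD EAX,2 / MOV EAX,[EAX] / OR AL,AL
 * The DWORD load at PEB+2 also picks up the next 3 bytes; only AL is tested. */
static int check_beingdebugged(const Image *m, uint32_t peb) {
    return (rd32(m, peb + PEB_BEINGDEBUGGED) & 0xFFu) != 0;
}

/* FS:[18] -> TEB, [TEB+30] -> PEB, [PEB+18] -> ProcessHeap, CMP [heap+10],0 */
static int check_processheap(const Image *m, uint32_t peb) {
    uint32_t heap = rd32(m, peb + PEB_PROCESSHEAP);
    return rd32(m, heap + HEAP_FORCEFLAGS) != 0;
}

/* ADD EAX,8E4180C9 / ADD EAX,71BE7F9F: the constants sum to 0x100000068,
 * which wraps in 32 bits to 0x68, so this is PEB+0x68 in disguise. */
static uint32_t obfuscated_ntglobalflag_addr(uint32_t peb) {
    uint32_t eax = peb;
    eax += 0x8E4180C9u;
    eax += 0x71BE7F9Fu;
    return eax;
}
static int check_ntglobalflag(const Image *m, uint32_t peb) {
    return (rd32(m, obfuscated_ntglobalflag_addr(peb)) & NTGLOBALFLAG_DEBUG) != 0;
}

/* Bitmask of checks that fire: 1 = BeingDebugged, 2 = ProcessHeap, 4 = NtGlobalFlag */
static unsigned run_checks(const Image *m, uint32_t peb) {
    unsigned hits = 0;
    if (check_beingdebugged(m, peb)) hits |= 1u;
    if (check_processheap(m, peb))   hits |= 2u;
    if (check_ntglobalflag(m, peb))  hits |= 4u;
    return hits;
}

/* Constructed image of a process with (debugged != 0) or without a debugger */
static void build_image(Image *m, int debugged) {
    memset(m, 0, sizeof *m);
    m->bytes[PEB_ADDR + PEB_BEINGDEBUGGED] = debugged ? 1 : 0;
    wr32(m, PEB_ADDR + PEB_PROCESSHEAP, HEAP_ADDR);          /* PEB->ProcessHeap */
    wr32(m, HEAP_ADDR + HEAP_FORCEFLAGS, debugged ? HEAP_FORCEFLAGS_DEBUG : 0);
    wr32(m, PEB_ADDR + PEB_NTGLOBALFLAG, debugged ? NTGLOBALFLAG_DEBUG : 0);
}

/* Assumed hide step: zero all three fields, following PEB->ProcessHeap for ForceFlags */
static void hide_debugger(Image *m, uint32_t peb) {
    m->bytes[peb + PEB_BEINGDEBUGGED] = 0;
    wr32(m, rd32(m, peb + PEB_PROCESSHEAP) + HEAP_FORCEFLAGS, 0);
    wr32(m, peb + PEB_NTGLOBALFLAG, 0);
}

/* patch_level: 0 = nothing patched, 1 = only PEB+2 patched, 2 = all three fields */
static unsigned demo_checks(int debugged, int patch_level) {
    Image img;
    build_image(&img, debugged);
    if (patch_level == 1) img.bytes[PEB_ADDR + PEB_BEINGDEBUGGED] = 0;
    if (patch_level >= 2) hide_debugger(&img, PEB_ADDR);
    return run_checks(&img, PEB_ADDR);
}

int main(void) {
    printf("clean process           : checks=%u\n", demo_checks(0, 0));
    printf("debugged, unpatched     : checks=%u\n", demo_checks(1, 0));
    printf("debugged, PEB+2 only    : checks=%u\n", demo_checks(1, 1));
    printf("debugged, all 3 patched : checks=%u\n", demo_checks(1, 2));
    printf("obfuscated adds reach PEB+0x%X\n",
           (unsigned)(obfuscated_ntglobalflag_addr(PEB_ADDR) - PEB_ADDR));
    return 0;
}
```

The mask makes the point from the post visible: with only the BeingDebugged byte cleared, the ProcessHeap and NtGlobalFlag checks (bits 2 and 4) still trip, so a hide plugin has to zero the heap ForceFlags and NtGlobalFlag as well, and it can only reach the heap once ProcessHeap exists, i.e. at the EP rather than at create_process.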