Nouk

Anti-API Hook and App can access > 2GB address?

Original poster #
Posted: 2002-07-31 13:02
1. Anti-API Hook.
1.1. CreateRemoteThread
I can check the thread numbers and TLS value.
1.2. IAT redirect on-the-fly.
I can compare my IAT with the function address using dynamic load.
1.3. DLL Injection. (It's a global way.)
Inject the "int 3" or "jxx mem.".
I don't know how to detect it; can anyone give me the concepts?
2. The PE header has a flag that is "access > 2GB address"; can an app set the flag to do it?
Thx a lot.





Taiwan's Driver Developer
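
Added example, not part of the original post: one way to approach the detection asked about in 1.3 is to compare a function's entry bytes as mapped in the process with a trusted copy and classify the first difference as an `int 3`, a jump, or some other modification. The function names, the enum and the sample bytes are constructed for illustration, and where the trusted copy comes from is an assumption left to the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result of comparing a function's live entry bytes with a trusted copy. */
typedef enum { ENTRY_CLEAN, ENTRY_INT3, ENTRY_JUMP, ENTRY_MODIFIED } entry_state;

/* Constructed sample bytes for illustration, not taken from any real DLL. */
static const uint8_t SAMPLE_CLEAN[8] = {0x8B,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x10};
static const uint8_t SAMPLE_INT3[8]  = {0xCC,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x10};
static const uint8_t SAMPLE_JMP[8]   = {0xE9,0x10,0x20,0x30,0x40,0x83,0xEC,0x10};
static const uint8_t SAMPLE_THUNK[8] = {0xFF,0x25,0x00,0x10,0x40,0x00,0x90,0x90};

/* Does the x86 instruction starting at p (len bytes available) jump? */
static int is_jump(const uint8_t *p, size_t len)
{
    if (len == 0) return 0;
    if (p[0] == 0xE9 || p[0] == 0xEB) return 1;                 /* jmp rel32 / rel8 */
    if (p[0] >= 0x70 && p[0] <= 0x7F) return 1;                 /* jcc rel8 */
    if (len >= 2 && p[0] == 0x0F && p[1] >= 0x80 && p[1] <= 0x8F) return 1; /* jcc rel32 */
    if (len >= 2 && p[0] == 0xFF && ((p[1] >> 3) & 7) == 4) return 1;       /* jmp r/m32 */
    return 0;
}

/* trusted: entry bytes from a known-good copy of the module (assumed to be
 * supplied by the caller); live: the same range as currently mapped.
 * Any result other than ENTRY_CLEAN is an alert; the subtype is only a hint. */
entry_state check_entry(const uint8_t *trusted, const uint8_t *live, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (trusted[i] == live[i]) continue;
        /* Classify by what now sits at the first differing byte. */
        if (live[i] == 0xCC) return ENTRY_INT3;
        if (is_jump(live + i, len - i)) return ENTRY_JUMP;
        return ENTRY_MODIFIED;
    }
    return ENTRY_CLEAN; /* identical, even when the original itself starts with a jmp */
}

int main(void)
{
    printf("clean vs clean: %d\n", check_entry(SAMPLE_CLEAN, SAMPLE_CLEAN, 8));
    printf("clean vs int3:  %d\n", check_entry(SAMPLE_CLEAN, SAMPLE_INT3, 8));
    printf("clean vs jmp:   %d\n", check_entry(SAMPLE_CLEAN, SAMPLE_JMP, 8));
    printf("thunk vs thunk: %d\n", check_entry(SAMPLE_THUNK, SAMPLE_THUNK, 8));
    return 0;
}
```

Comparing against a trusted copy, rather than scanning for jump opcodes alone, avoids flagging functions that legitimately begin with a jump, such as import thunks. If the trusted bytes are read from the file on disk, any base relocations covering the compared range must be applied first or unmodified code will appear changed.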