Himm humm
First, sorry for my English.

Hi, I need your advice on TLS (Thread Local Storage). On my side I can crack any Xprot version (from 1.5 to 1.x), but I have a problem with the dump file's TLS when rebuilding the exe.

My work is simple:

1. Crash the Xprot (lame) threads (randomly generated, 0-xxx; read the Xprot white paper if you need to know how it works) via int3/0 protect with a ring0 loader. (I simply use a ring0 dumper; it works very well, also on 1.06.)
2. Then you have enabled V-Memory Block.
3. But the anti etc. does not stop there.
4. Then load SoftICE, go to the main Xprot threads and simply change EIP to (call ExitProcess). (Note: not the software's threads; you can find which threads are the real ones by looking at the CPU of the process per thread, or use Spy++ from VC Studio.)
5. Now you are ready to work with SoftICE & ImportREC. You can also dump directly with LordPE or another tool.
6. Look inside the dump for the OEP; 03e8h bytes of Xprot shit come before the OEP (you can find those 03e8 bytes yourself with a look, it is rubbish!) (also, many VC++ programs have OEP 401000).
7. Give the OEP and try some blocks for the imports (to find the correct one).
8. But you can fix some calls by hand, because Xprot fcks the kernel, user, advapi calls etc. Try to trace them yourself in the asm view (in ImportREC).

Yes, the exe builds OK, all imports, calls, OEP etc., but the TLS is not correct and I don't know anything about TLS. How do I fix it?

About how I crack if I don't have a working exe: via patching memory. Simply fix the dump (resources etc.), then load it in any disassembler, find the patch point, write a loader, crash V-MemProtect (with protect ring0 int3/0 IDT), use a DLL inject on the target process, change the memory. That's all.