[deXep]

Hi my nice guys!

I'm working on a dumper and I cannot grab FS base via
GetThreadSelectorEntry
it returns TRUE but LDT_ENTRY is still NULL.

and I tried use address of debugger becoz all PEB is in the same address
this code works well
mov eax, fs:[30h]
inc eax
inc eax
call write_mem
but if I code like these:
mov edi, fsbase; grabbed
lea eax, [edi+30h]
call read_mem
then ReadProcessMemory return 0, last Error is PARTIALLY_COPY

I'm mad for such a strange problem

regards