1. The operand size prefix ("0x66") will sometimes be emulated as
a "pushf" instruction. Obviously most clients will crash
right away when that happens.
The cause is that the inner switch of handle_vm86_fault() does
not have a default case.
2. Extra prefixes will utterly confuse the monitor. This results
in clients receiving signals they shouldn't have had. For
example "0x2e 0xcd 0x21" (int 0x21 with a segment prefix) will
cause a signal.
To solve this, the structure should be rewritten into something
like
while <prefix>
<record or discard>
switch <instruction>
...
3. Instructions "int3" and "into" are not emulated.
4. The "pushw", "popw", "pushl", and "popl" macros are wrong.
Pushing and popping shouldn't cause wrap-arounds but exceptions.
All the above is from reading the code, not running it. I might
have gotten some detail wrong.
Morten Welinder
terra@diku.dk
[Our name server is currently down; email to me may not get through.
This will hopefully be fixed by Monday.]