Hmmm.... Just discovered something weird trying to boot Windows NT 4.0 to verify CPU behviour to be working properly still.

Somehow it reaches what seems to be opcode 84h (TEST r/m8,r8), but fails to fetch the modr/m parameters for some weird reason?
Looking at the fetching precalcs, it looks like the settings aren't properly retrieved from the instruction parameter lookup table, if at all (perhaps it points to another opcode, so never fetched properly)?
Edit: Hmmm... Now after some more testing (Windows 95 again), I see it failing on a opcode seemingly page faulting and failing somehow (proceeding to execute an invalid instruction).
Edit: After improving that, now Windows 95 fails to boot, telling there's not enough memory to load the registry?

Modified immediate parameter reading faulting/aborting(including paging locks) to check for active instruction by checking the parameter passed to the immediate read function(indicating checking(0)/loading from instruction(1) or main fetching routine(3, for 286+ CPUs only)) instead of directly checking the CPU's fetching/EU execution status (which is reset on any fault or execution phase change).

Also fixed resetting EIP for faults not to manually just load the CS selector, to keep CS selector/descriptor relationship consistent.

Now Hiren's BootCD 7.8 changes once again, now trying to execute an invalid LXS (LDS,LES etc.) instruction with register parameter, in real mode?

Just improved two things on the x86 segment descriptor handling:
- Make RSM properly set the CS segment descriptor mode to real or protected-mode/V86 mode on Pentium and up (applying the CS real mode limit behaviour on Pentium properly).
- Make segment descriptor read/write/execute permission precalcs point directly into the global precalcs lookup table, instead of copying all 256 bytes over, for increased performance (as the data in the table never changes), thus reducing the 256-byte memcpy to a simple 64-bit or 32-bit assignment (depending on the executable address size being 64-bit or 32-bit).

Just tried some older stuff I was testing with in the past and tried booting MS-DOS 6.22 with QEMM 7.04 again.
It, after fixing some CPU committing to behave more correctly (globally after the instruction instead of while parsing it), it crashes, saying it 'Cannot load because there is not enough memory.', which is interesting at least. At least it doesn't crash like it did before.

I made a log of it running the protected mode part of the program. Looking at what it's doing, I don't see anything weird?
Perhaps the issue itself is inside V86 mode that's causing this?
Edit: Looking into good old Hiren's BootCD 7.8 I see the same booting it. Instead of properly starting to extract files, it will spew out some garbage now and execute an invalid GRP5 /7 opcode (FF /7), throwing it into an infinite loop.
Edit: Wfw 3.11 otoh now is crashing immediately upon boot, soon after displaying the loading screen.

Hmmm... Seeing as the testsuite (test386.asm) doesn't seem to give any errors and MS-DOS still boots, but anything on top of it (Windows, memory managers etc.) keep 'running out of available RAM', environment space etc. (even though 128MB is installed) there might be something else going wrong in the CPU emulation somehow?

OK. While finding this bug, I've improved the settings menu text and address inputs a bit.
It now properly supports the valid numpad keys too.
So on an address input (for breakpoints etc.) it adds numeric keys and kpen (keypad enter for confirmation, just like normal enter) key.
And on text inputs (filenames etc.) it supports -, + and . keypad keys as well, ignoring shift status (to prevent del and incorrect _ behaviour on those keys).
That will improve input support a bit when inputting numbers into the text fields.

Improved debugger support for two new types of breakpoints:
- Adding an U qualifier to the end of the breakpoint setting (after processor modes or ignoring of them) causes it to apply to SMM mode only (if not supplied it applies to non-SMM mode only).
- Adding an ! qualifier to end end of the breakpoint setting

So now SMM can be filtered (or SMM being ignored otherwise), with breakpoints also allowed to be saved disabled (saving them for easy re-enabling once needed).

Edit: Hmmm... On the 8088 in cycle-accurate mode I see it executing, but somehow not timing correctly it seems? RETF completes in 1 cycle, which it shouldn't.