Index: ntoskrnl/ke/i386/v86vdm.c
===================================================================
--- ntoskrnl/ke/i386/v86vdm.c	(revision 48734)
+++ ntoskrnl/ke/i386/v86vdm.c	(working copy)
@@ -70,17 +70,17 @@
     
     /* Build flat ESP */
     Esp = (TrapFrame->HardwareSegSs << 4) + (USHORT)TrapFrame->HardwareEsp;
-    Esp -= 2;
     
     /* Check for OPER32 */
     if (KiVdmGetPrefixFlags(Flags) & PFX_FLAG_OPER32)
     {
         /* Save EFlags */
-        Esp -= 2;
+        Esp -= 4;
         *(PULONG)(Esp - 2) = V86EFlags;
     }
     else
     {
+        Esp -= 2;
         /* Save EFLags */
         *(PUSHORT)Esp = (USHORT)V86EFlags;
     }
@@ -103,20 +103,24 @@
     /* Build flat ESP */
     Esp = (TrapFrame->HardwareSegSs << 4) + (USHORT)TrapFrame->HardwareEsp;
     
-    /* Read EFlags */
-    EFlags = *(PULONG)Esp;
-    Esp += 4;
-    
     /* Check for OPER32 */
-    if (!(KiVdmGetPrefixFlags(Flags) & PFX_FLAG_OPER32))
+    if (KiVdmGetPrefixFlags(Flags) & PFX_FLAG_OPER32)
     {
+        /* Read EFlags */
+        EFlags = *(PULONG)Esp;
+        Esp += 4;
+    }
+    else
+    {
+        /* Read EFlags */
+        EFlags = *(PUSHORT)Esp;
+        Esp += 2;
         /* Read correct flags and use correct stack address */
-        Esp -= 2;
         EFlags &= 0xFFFF;
     }
     
     /* Set new ESP */
-    TrapFrame->HardwareEsp = Esp;
+    TrapFrame->HardwareEsp = (USHORT)Esp;
     
     /* Mask out IOPL from the flags */
     EFlags &= ~EFLAGS_IOPL;
@@ -137,7 +141,7 @@
     V86EFlags |= EFLAGS_V86_MASK | EFLAGS_INTERRUPT_MASK;
 
     /* Update EFlags in trap frame */
-    TrapFrame->EFlags |= V86EFlags;
+    TrapFrame->EFlags = V86EFlags;
 
     /* Check if ESP0 needs to be fixed up */
     if (TrapEFlags & EFLAGS_V86_MASK) Ki386AdjustEsp0(TrapFrame);
@@ -311,6 +315,7 @@
     else
     {
         /* FIXME: Check for VDM interrupts */
+       DPRINT("FIXME: Check for VDM interrupts\n");
     }
     
     /* We're done */