On Wed, 13 Oct 2004 05:45:50 +0100, in local.bugtraq you wrote:

>This vulnerability is located in a portion of the Windows kernel that
>handles some low-level aspects of executing 16-bit code inside a Virtual
>DOS Machine (VDM). A certain invalid opcode byte sequence is used in
>the 16-bit DOS emulation code to pass requests (referred to as "bops")

AIRC BOP meant "BIOS Operation". It was the mechanism used in SoftPC to
transfer control from the emulated Intel world to the native world on
which the emulator was running. Most of the BIOS in the early SoftPC
versions consisted of very short sequences of Intel code ending in a BOP.

It was originally a different opcode but when we switched from emulating
an 8086 to an 80286 that was no longer an illegal instruction so we
changed it to C4C4.

jim hatfield