many fixes, found by actually running the code

mach/i386/libem/cii.s

@@ -9,9 +9,7 @@
 				! eax is source
 	cmp	edx,1
 	jne	2f
-	o16 cbw			! needs operand size toggle to convert
+	movsxb	eax,al
-				! from one to two bytes.
-	cwde
 	mov	edx,4
 	jmp	1f
 2:

mach/i386/libem/exg.s

@@ -5,7 +5,7 @@
 .sect .text
 .exg:
 	push	edi
-	mov	esp,edi
+	mov	edi,esp
 	add	edi,8
 	mov	ebx,edi
 	add	ebx,ecx
@@ -14,6 +14,8 @@
 	mov	eax,(ebx)
 	xchg	eax,(edi)
 	mov	(ebx),eax
+	add	edi,4
+	add	ebx,4
 	loop	1b
 2:
 	pop	edi

mach/i386/libem/iaar.s

@@ -8,12 +8,11 @@
 	cmp     edx,4
 .extern .unknown
 	jne     .unknown
-	pop     ebx      ! descriptor address
+	pop     ebx     ! descriptor address
-	pop     eax      ! index
+	pop     eax     ! index
-	pop     edx      ! array base
 	sub     eax,(ebx)
 	mul     8(ebx)
-	mov	ebx,edx
+	pop	ebx	! array base
 	add     ebx,eax
 	push	ecx
 	ret

mach/i386/libem/ior.s

@@ -8,7 +8,7 @@
 	mov	edx,edi
 	mov	edi,esp
 	add	edi,ecx
-	sar	ecx,1
+	sar	ecx,2
 1:
 	pop	eax
 	or	eax,(edi)

mach/i386/libem/lar4.s

@@ -5,18 +5,16 @@
 .lar4:
 				! ebx, descriptor address
 				! eax, index
-	pop	ecx
-	pop	edx		! base address
-	push	ecx
 	sub     eax,(ebx)
 	mov     ecx,8(ebx)
 	imul    ecx
+	pop	ebx
+	pop	edx		! base address
 	add     edx,eax
 	sar     ecx,1
 	jnb     1f
 	xor     eax,eax
 	movb	al,(edx)
-	pop	ebx
 	push    eax
 	jmp     ebx
 1:
@@ -24,13 +22,12 @@
 	jnb     1f
 	xor     eax,eax
 	o16 mov	ax,(edx)
-	pop	ebx
 	push    eax
 	jmp     ebx
 1:
-	mov	edx,esi		! saved esi
+	xchg	edx,esi		! saved esi
-	mov	eax,8(ebx)
+	mov	eax,ecx
-	pop	ebx		! return address
+	sal	eax,2
 	sub     esp,eax
 	mov	eax,edi		! save edi
 	mov     edi,esp

mach/i386/libem/loi.s

@@ -11,20 +11,20 @@
 	mov     eax,ecx
 	sar     ecx,1
 	jnb     1f
-	xor	eax,eax
+	movsxb	eax,(ebx)
-	movb	al,(edx)
 	push    eax
 	jmp     edx
 1:
 	sar     ecx,1
 	jnb     1f
-	xor	eax,eax
+	movsx	eax,(ebx)
-	o16 mov	ax,(edx)
 	push    eax
 	jmp     edx
 1:
-	mov	ebx,edx
+	push	edx
 	mov	edx,esi
+	mov	esi,ebx
+	pop	ebx
 	sub     esp,eax
 	jmp	1f
 

mach/i386/libem/nop.s

@@ -3,22 +3,8 @@
 .define .nop
 .extern printd, printc, hol0
 
-SIO_S           = 0xDA
-SIO_D           = 0xD8
-RXRDY           = 0x02
-
 .nop:
 	mov     eax,(hol0)
 	call    printd
-!       movb    al,' '
-!       call    printc
-!       mov     eax,esp
-!       call    printd
-!1:
-!       inb     SIO_S
-!       andb    al,RXRDY
-!       jz      1b
-!       inb     SIO_D
-!       call    printc
 	movb    al,'\n'
 	jmp     printc

mach/i386/libem/sar4.s

@@ -5,30 +5,24 @@
 .sar4:
 				! ebx, descriptor address
 				! eax, index
-	pop	ecx
-	pop	edx		! base address
-	push	ecx
 	sub     eax,(ebx)
 	mov     ecx,8(ebx)
-	push	edx
 	imul    ecx
-	pop	edx
+	pop	ebx
+	pop	edx		! base address
 	add     edx,eax
 	sar     ecx,1
 	jnb     1f
-	pop	ebx
 	pop     eax
 	movb	(edx),al
 	jmp     ebx
 1:
 	sar     ecx,1
 	jnb     1f
-	pop	ebx
 	pop     eax
 	o16 mov (edx),ax
 	jmp     ebx
 1:
-	pop	ebx
 	xchg	edi,edx		! edi = base address, edx is saved edi
 	mov	eax,esi
 	mov     esi,esp

mach/i386/libem/set.s

@@ -13,9 +13,9 @@
 	push	edi
 	mov     ebx,esp
 	xor	edi,edi
-	sar	ecx,1
+	sar	ecx,2
 1:
-	mov     4(ebx)(edi),edx
+	mov     8(ebx)(edi),edx
 	add	edi,4
 	loop	1b
 !endif

mach/i386/libem/sti.s

@@ -20,8 +20,10 @@
 	o16 mov	(ebx),ax
 	jmp     edx
 1:
-	mov	ebx,edx
+	push	edx
 	mov	edx,edi
+	mov	edi,ebx
+	pop	ebx
 	jmp	1f
 .sti:
 	! only called with count >> 4

mach/i386/libem/stop.s

@@ -2,4 +2,4 @@
 .sect .text
 .define .stop
 .stop:
-	int     3
+	jmp	_exit

mach/i386/libem/trp.s

@@ -14,4 +14,5 @@
 	pop     eax
 	ret
 2:
+	push	eax
 	call    .stop