In addition to breaking protected mode programs, instruction emulation changes have also broken many real mode programs.
Instruction emulation code was previously used to emulate not only protected mode instructions but also some real mode instructions. For example, ioport instructions (inb,outb,...) were emulated using that code.
Now, these instructions raise an exception that will not be caught by any handler because real mode code may not have been called via K32WOWCallback16Ex, which seems to be the place where instruction emulation hooks in.
There are many different ways of fixing these problems, one possibility is to make K32WOWCallback16Ex call VM86 stuff from NTDLL when special magic parameter is passed to it so it can install the correct exception handler. Another is to export instruction emulation hook or exception handler from kernel. Anyway, this is something I don't probably want to decide, even if I had more time available for this. A better fix for protected mode programs would be welcome, too.