[NTOSKRNL]: MOV CRX, YYY and MOV YYY, CRX, as well as the DR equivalents were not correctly detected as privileged instructions in the GPF handler. Fixes Winetests.

[NTOSKRNL]: The "Write" bit in the x86 Error Code is not bit 1, it is bit 2. Fix all the GPF handlers to check for bit 2 instead when determining if an exception was due to read or write. Fixes Winetests.
I'll say it nicely this time for Timo: when you rewrite ASM, do it carefully :)

svn path=/trunk/; revision=55735

reactos/ntoskrnl/ke/i386/traphdlr.c

@@ -970,6 +970,12 @@ KiTrap0DHandler(IN PKTRAP_FRAME TrapFrame)
             }
             
             /* Check for privileged instructions */
+            DPRINT("Instruction (%d) at fault: %lx %lx %lx %lx\n",
+                    i,
+                    Instructions[i],
+                    Instructions[i + 1],
+                    Instructions[i + 2],
+                    Instructions[i + 3]);
             if (Instruction == 0xF4)                            // HLT
             {
                 /* HLT is privileged */
@@ -988,10 +994,11 @@ KiTrap0DHandler(IN PKTRAP_FRAME TrapFrame)
                     (Instructions[i + 1] == 0x08) ||               // INVD
                     (Instructions[i + 1] == 0x09) ||               // WBINVD
                     (Instructions[i + 1] == 0x35) ||               // SYSEXIT
-                    (Instructions[i + 1] == 0x26) ||               // MOV DR, XXX
+                    (Instructions[i + 1] == 0x21) ||               // MOV DR, XXX
                     (Instructions[i + 1] == 0x06) ||               // CLTS
                     (Instructions[i + 1] == 0x20) ||               // MOV CR, XXX
-                    (Instructions[i + 1] == 0x24) ||               // MOV YYY, DR
+                    (Instructions[i + 1] == 0x22) ||               // MOV XXX, CR
+                    (Instructions[i + 1] == 0x23) ||               // MOV YYY, DR
                     (Instructions[i + 1] == 0x30) ||               // WRMSR
                     (Instructions[i + 1] == 0x33))                 // RDPMC
                     // INVLPG, INVLPGA, SYSRET
@@ -1192,7 +1199,7 @@ KiTrap0EHandler(IN PKTRAP_FRAME TrapFrame)
             KeBugCheckWithTf(IRQL_NOT_LESS_OR_EQUAL,
                              Cr2,
                              -1,
-                             TrapFrame->ErrCode & 1,
+                             TrapFrame->ErrCode & 2 ? TRUE : FALSE,
                              TrapFrame->Eip,
                              TrapFrame);
         }
@@ -1254,7 +1261,7 @@ KiTrap0EHandler(IN PKTRAP_FRAME TrapFrame)
         /* This status code is repurposed so we can recognize it later */
         KiDispatchException2Args(KI_EXCEPTION_ACCESS_VIOLATION,
                                  TrapFrame->Eip,
-                                 TrapFrame->ErrCode & 1,
+                                 TrapFrame->ErrCode & 2 ? TRUE : FALSE,
                                  Cr2,
                                  TrapFrame);
     }
@@ -1264,7 +1271,7 @@ KiTrap0EHandler(IN PKTRAP_FRAME TrapFrame)
         /* These faults only have two parameters */
         KiDispatchException2Args(Status,
                                  TrapFrame->Eip,
-                                 TrapFrame->ErrCode & 1,
+                                 TrapFrame->ErrCode & 2 ? TRUE : FALSE,
                                  Cr2,
                                  TrapFrame);
     }
@@ -1273,7 +1280,7 @@ KiTrap0EHandler(IN PKTRAP_FRAME TrapFrame)
     KiDispatchExceptionFromTrapFrame(STATUS_IN_PAGE_ERROR,
                                      TrapFrame->Eip,
                                      3,
-                                     TrapFrame->ErrCode & 1,
+                                     TrapFrame->ErrCode & 2 ? TRUE : FALSE,
                                      Cr2,
                                      Status,
                                      TrapFrame);