diff -ru qemu-0.9.1/target-i386/helper2.c qemu-0.9.1-p/target-i386/helper2.c
--- qemu-0.9.1/target-i386/helper2.c 2008-01-06 11:38:45.000000000 -0800
+++ qemu-0.9.1-p/target-i386/helper2.c 2008-01-12 23:56:34.000000000 -0800
@@ -1081,6 +1081,7 @@
 {
 uint32_t pde_addr, pte_addr;
 uint32_t pde, pte, paddr, page_offset, page_size;
+ addr += env->segs[R_DS].base;
 if (env->cr[4] & CR4_PAE_MASK) {
 uint32_t pdpe_addr, pde_addr, pte_addr;
diff -ru qemu-0.9.1/target-i386/translate.c qemu-0.9.1-p/target-i386/translate.c
--- qemu-0.9.1/target-i386/translate.c 2008-01-06 11:38:45.000000000 -0800
+++ qemu-0.9.1-p/target-i386/translate.c 2008-01-13 00:00:23.000000000 -0800
@@ -6758,7 +6758,7 @@
 for(;;) {
 if (env->nb_breakpoints > 0) {
 for(j = 0; j < env->nb_breakpoints; j++) {
- if (env->breakpoints[j] == pc_ptr) {
+ if (env->breakpoints[j] == pc_ptr - dc->cs_base) {
 gen_debug(dc, pc_ptr - dc->cs_base);
 break;
 }
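Review bot: The added `addr += env->segs[R_DS].base;` silently changes the contract of this function's `addr` parameter from a linear address to a DS-relative offset for every caller, and nothing in the hunk records that; the signature and the remainder of the body are outside the hunk, so other address spaces handled further down (PAE and any long-mode path) are presumably affected the same way. Because the addition is unconditional, any existing caller that already passes a linear address (the monitor memory dump, presumably via cpu_memory_rw_debug) is redirected to a different page whenever the guest's DS base is non-zero, and the wrap-around of `addr` on overflow is silent. If the DS-relative interpretation is intended, state it where it happens, e.g. `/* addr is a DS-relative offset (debugger access), not a linear address; callers passing linear addresses must not use this path */`, and prefer applying the base in the one caller that needs it so linear-address users keep working.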
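Review bot: The new compare treats `env->breakpoints[j]` as a CS-relative value (`pc_ptr - dc->cs_base`), whereas the helper2.c hunk in the same patch adds the DS base when translating a debug address, so the two halves only agree in a guest where CS and DS share a base; where they differ, the translation-block flush performed when a breakpoint is inserted (presumably through cpu_get_phys_page_debug) targets a different page than the one this loop matches, and the breakpoint can silently never fire. The enclosing translation loop continues past the hunk. The address space breakpoints live in should be stated next to the compare, e.g. `/* breakpoints hold CS-relative (EIP) values, not linear addresses; must match the translation used at insertion time */`. Style-wise, `pc_ptr - dc->cs_base` is now computed on two adjacent lines; hoisting it into `target_ulong eip = pc_ptr - dc->cs_base;` before the inner loop and using it in both the compare and the gen_debug call makes the shared convention explicit.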