I see various new programs, this use a loader EXE of 32 bits and CreateProcess of 16 bits for work only with virtual machine of NT.
If you can run this program of 16 bits in a DOS BOX don't RUN and don't work with turbo debugger and any DOS DEBUGGER.
If you dissasemble de 16 bits file with IDA, you look very easy the part to patch, but you need some values provided for a debugger in this point.
How i can work with this type of files, if i enter in softice and type
ADDR ntvdm.exe, the point for work is not clear for me, how i see in IDA.

Any work with a file of this type?

Ricardo

This is actually an interesting topic; debugging apps running in ntvdm that is..

There's
hxxp://www.microsoft.com/msj/0199/nerd/nerd0199.aspx

which says:

There's more info in that article, but analysing vdmdbg.dll & ntvdm.exe will probably give you a lot of information. They both export lot of interesting functions.
I suppose your 16-bit code is being interpreted by ntvdm, so I doubt you'll be able to have a nice live-debugging session.

Another article, by Matt Pietrek:
hxxp://www.microsoft.com/msj/0898/hood0898.aspx (also talks about the VDMDBG API)

Let us know if u find more info.

Thanks for the info

Ricardo