diff --git a/boot/kernel.asm b/boot/kernel.asm
index c1f3180..ba7b8b4 100644
--- a/boot/kernel.asm
+++ b/boot/kernel.asm
@@ -44,7 +44,7 @@ restart:
 hlt:		hlt
 		jmp hlt
 
-%include	"kernel/bdos.asm"
+%include	"kernel/syscall.asm"
 %include	"kernel/far.asm"
 %include	"kernel/fcb.asm"
 %include	"kernel/find.asm"
diff --git a/kernel/bdos.asm b/kernel/syscall.asm
similarity index 65%
rename from kernel/bdos.asm
rename to kernel/syscall.asm
index 2d5b2ce..49a708b 100644
--- a/kernel/bdos.asm
+++ b/kernel/syscall.asm
@@ -1,7 +1,41 @@
+; This is the syscall gateway:
+;  - backs up the data from user space (kernel funcs trash many regs)
+;  - sets up the kernel stack
+;  - calls kernel funcs
+;  - exports a specified set of registers back to userspace
+;
+; The syscall table acts as a "export"-list for kernel near funcs.
+; Code invoked via it can reply on SS being zero.
+
 section .bss
 
 curpsp:	resw 1
 
+section .data
+
+stab:	; syscall table
+	; cells: ptr to handler, ptr to sysret
+	; 0-7
+	dw restart, sret
+	dw getc, sretb
+	dw putc, sret
+	dw err, sret ; reader input
+	dw err, sret ; punch outout
+	dw err, sret ; list output
+	dw conio, sret ; direct console i/o
+	dw err, sret
+	; 8-f
+	dw err, sret
+	dw err, sret ; print string
+	dw err, sret ; read into buffer
+	dw err, sret ; console status
+	dw err, sret ; return version num
+	dw err, sret ; reset disks
+	dw err, sret ; select disk
+	dw err, sret ; open file
+.end:
+
+section .text
 
 absolute 0
 
@@ -22,15 +56,23 @@ PSPDS:	resw 1
 PSPBX:	resw 1
 PSPES:	resw 1
 
-
 section .text
 
+	; Load current PSP segment into DS
 	; OUT	ds	PSP segment
+	;	ax	0
 pspds:	xor ax, ax
 	mov ds, ax
 	mov ds, [curpsp]
 	ret
 
+	; Fix CS:AX pointer for reloc
+fixax:	call .l01
+.l01:	pop bx
+	sub bx, .l01
+	add ax, bx
+	ret
+
 int21:	push ds
 	; load program PSP and save userdata
 	push ax
@@ -45,39 +87,28 @@ int21:	push ds
 
 	mov ss, ax
 	mov sp, ( stack+stacksize )
-
+	; get ptr to syscall table
 	mov al, [PSPAX+1]
 	shl ax, 1
 	shl ax, 1
-	call .etbl
-	; syscall table
-	; cells: ptr to handler, ptr to sysret
-	; 0-7
-	dw restart, sret
-	dw getc, sretb
-	dw putc, sret
-	dw err, sret ; reader input
-	dw err, sret ; punch outout
-	dw err, sret ; list output
-	dw conio, sret ; direct console i/o
-	dw err, sret
-	; 8-f
-	dw err, sret
-	dw err, sret ; print string
-	dw err, sret ; read into buffer
-	dw err, sret ; console status
-	dw err, sret ; return version num
-	dw err, sret ; reset disks
-	dw err, sret ; select disk
-	dw err, sret ; open file
-
-	; set up a return chain and execute it
-	; first return into handler function
-	; second return into appropiate sysret
-.etbl:	pop bx
-	add bx, ax
-	push word [cs:bx+2]
-	push word [cs:bx]
+	add ax, stab
+	call fixax
+	mov bx, ax
+	; load sysret ptr
+	push bx
+	mov ax, [cs:bx+2]
+	call fixax
+	pop bx
+	push ax
+	; load handler ptr
+	mov ax, [cs:bx]
+	call fixax
+	push ax
+	; restore user data
+	mov bx, [PSPBX]
+	mov ax, [PSPAX]
+	mov ds, [PSPDS]
+	; launch ROP chain
 	ret
 
 err:	mov ah, 0xFF