diff --git a/src/main.c b/src/main.c
index 9a51f4a..470ee56 100644
--- a/src/main.c
+++ b/src/main.c
@@ -186,6 +186,7 @@ extern struct exPXE *exPXE;
 
 #define PXENV_GET_CACHED 0x0071
 #define PXENV_TFTP_OPEN  0x0020
+#define PXENV_TFTP_READ  0x0022
 
 typedef struct __attribute__((packed)) s_PXENV_GET_CACHED {
 	uint16_t      status;
@@ -205,6 +206,14 @@ typedef struct __attribute__((packed)) s_PXENV_TFTP_OPEN {
 	uint16_t      packet_size;
 } t_PXENV_TFTP_OPEN;
 
+typedef struct __attribute__((packed)) s_PXENV_TFTP_READ {
+	uint16_t      status;
+	uint16_t      packet_number;
+	uint16_t      buffer_size;
+	uint16_t      buffer_offset;
+	uint16_t      buffer_seg;
+} t_PXENV_TFTP_READ;
+
 /**
  * return type for fs drivers
  */
@@ -254,6 +263,85 @@ int hexbin(unsigned char *str, int size)
 
 #include "fs.h"
 
+uint32_t pxe_sip;
+uint32_t pxe_gip;
+
+void
+get_cached()
+{
+	t_PXENV_GET_CACHED *t_cached = (void *)pxe_cmd_buf;
+	t_cached->status = 0;
+	t_cached->packet_type = 2;
+	t_cached->buffer_size = 0;
+	t_cached->buffer_offset = 0;
+	t_cached->buffer_seg = 0;
+	t_cached->buffer_limit = 0xFFFFu;
+	debug_write("Performing PXE call\r\n");
+	unsigned ret = pxe_call(PXENV_GET_CACHED, (uint16_t)(uintptr_t)pxe_cmd_buf, 0x0000);
+	debug_write("Still alive!\r\n");
+	debug_write("ret=");
+	debug_write_uint(ret);
+	debug_write("\r\nstatus=");
+	debug_write_uint(t_cached->status);
+	debug_write("\r\n");
+
+	debug_write("buffer_off=");
+	debug_write_uint(t_cached->buffer_offset);
+	debug_write("\r\nbuffer_seg=");
+	debug_write_uint(t_cached->buffer_seg);
+	struct bootph *bootph = (void *)(t_cached->buffer_offset + 16 * t_cached->buffer_seg);
+	pxe_sip = bootph->sip;
+	pxe_gip = bootph->gip;
+	debug_write("\r\nsip=");
+	debug_write_uint(pxe_sip);
+	debug_write("\r\ngip=");
+	debug_write_uint(pxe_gip);
+	debug_write("\r\n");
+}
+
+void
+receive_file(void)
+{
+	unsigned ret;
+
+	t_PXENV_TFTP_OPEN *t_open = (void *)pxe_cmd_buf;
+	t_open->status = 0;
+	t_open->server_ip = pxe_sip;
+	t_open->gateway_ip = pxe_gip;
+	memcpy(t_open->filename, "/initrd", 8);
+	t_open->tftp_port = 69 << 8;
+	t_open->packet_size = 512;
+	debug_write("Performing PXE OPEN call\r\n");
+	ret = pxe_call(PXENV_TFTP_OPEN, (uint16_t)(uintptr_t)pxe_cmd_buf, 0x0000);
+	debug_write("ret=");
+	debug_write_uint(ret);
+	debug_write("  status=");
+	debug_write_uint(t_open->status);
+	debug_write("\r\n");
+
+	uint16_t packet_size = t_open->packet_size;
+
+#if 0
+	for (;;) {
+		t_PXENV_TFTP_READ *t_read = (void *)pxe_cmd_buf;
+		t_read->status = 0;
+		t_read->buffer_offset = ;
+		t_read->buffer_seg = ;
+
+		ret = pxe_call(PXENV_TFTP_READ, (uint16_t)(uintptr_t)pxe_cmd_buf, 0x0000);
+		debug_write("ret=");
+		debug_write_uint(ret);
+		debug_write("  status=");
+		debug_write_uint(t_read->status);
+		debug_write("\r\n");
+
+		if (t_read->buffer_size < packet_size) {
+			break;
+		}
+	}
+#endif
+}
+
 void
 main()
 {
@@ -291,29 +379,33 @@ main()
 
 	pg_setup();
 
+	get_cached();
+	receive_file();
+
+#if 0
 #if 1
-	t_PXENV_GET_CACHED *t_get = (void *)pxe_cmd_buf;
-	t_get->status = 0;
-	t_get->packet_type = 2;
-	t_get->buffer_size = 0;
-	t_get->buffer_offset = 0;
-	t_get->buffer_seg = 0;
-	t_get->buffer_limit = 0xFFFFu;
+	t_PXENV_GET_CACHED *t_cached = (void *)pxe_cmd_buf;
+	t_cached->status = 0;
+	t_cached->packet_type = 2;
+	t_cached->buffer_size = 0;
+	t_cached->buffer_offset = 0;
+	t_cached->buffer_seg = 0;
+	t_cached->buffer_limit = 0xFFFFu;
 	debug_write("Performing PXE call\r\n");
 	unsigned ret = pxe_call(PXENV_GET_CACHED, (uint16_t)(uintptr_t)pxe_cmd_buf, 0x0000);
 	debug_write("Still alive!\r\n");
 	debug_write("ret=");
 	debug_write_uint(ret);
 	debug_write("\r\nstatus=");
-	debug_write_uint(t_get->status);
+	debug_write_uint(t_cached->status);
 	debug_write("\r\n");
 #endif
 
 	debug_write("buffer_off=");
-	debug_write_uint(t_get->buffer_offset);
+	debug_write_uint(t_cached->buffer_offset);
 	debug_write("\r\nbuffer_seg=");
-	debug_write_uint(t_get->buffer_seg);
-	struct bootph *bootph = (void *)(t_get->buffer_offset + 16 * t_get->buffer_seg);
+	debug_write_uint(t_cached->buffer_seg);
+	struct bootph *bootph = (void *)(t_cached->buffer_offset + 16 * t_cached->buffer_seg);
 	uint32_t sip = bootph->sip;
 	uint32_t gip = bootph->gip;
 	debug_write("\r\nsip=");
@@ -352,9 +444,12 @@ main()
 	bios_func(0x10, reg);
 
 	debug_write("what?\r\n");
+#endif
 #endif
 
+	__asm__ ("cli");
 	for (;;) {
-		__asm__ ("hlt");
+		//__asm__ ("sti");
+		//__asm__ ("hlt");
 	}
 }
diff --git a/src/nbp.S b/src/nbp.S
index 7333c83..d76f475 100644
--- a/src/nbp.S
+++ b/src/nbp.S
@@ -38,12 +38,21 @@ _start:     cli
             mov         %ax, %es
 
             // initialize our own BSS section
-            mov         $_bss_start, %di
+            mov         $_bss_start, %eax
             mov         $_bss_end, %ecx
-            sub         %di, %cx
+            sub         %eax, %ecx
+
+            shr         $4, %eax
+            mov         %ax, %es
+
             xor         %al, %al
+            xor         %di, %di
             rep stosb
 
+            xor         %ax, %ax
+            mov         %ax, %es
+
+
             // a20_enable: Allow use of 'high' (>1Mb) memory
 a20_enable: // Of all the ways to toggle A20, we only try the Fast A20 Gate.
             // This is known to cause problems on some ancient systems,