diff --git a/boot/loader/loader.asm b/boot/loader/loader.asm
index 296398a..5093e8d 100644
--- a/boot/loader/loader.asm
+++ b/boot/loader/loader.asm
@@ -215,6 +215,18 @@ common32:
 	cmp ecx, [uKernelSize]
 	jbe @b
 
+	; map some memory untils 0xC03B0000 for memory allocator
+@@:
+	mov edx, esi
+	or edx, 0x3
+	mov [edi], edx
+	add edi, 4
+	add ecx, 4096
+	add esi, 4096
+	cmp ecx, 0x3B0000
+	jb @b
+
+
 	; map 0xB8000 (vga) to 0xC03B0000
 	; 0xC03B0000 >> 12 & 0x3FF == 944
 	mov dword [boot_768_page_table + 944 * 4], 0xB8000 + 0x3
@@ -231,8 +243,6 @@ common32:
 	mov eax, STPDBOOT_MAGIC
 	mov ebx, boot_structure
 
-	xchg bx, bx
-
 	mov ecx, 0xC0000000
 	jmp ecx
 
diff --git a/kernel/bootinfo.inc b/kernel/bootinfo.inc
index 9bff485..3ee34dc 100644
--- a/kernel/bootinfo.inc
+++ b/kernel/bootinfo.inc
@@ -14,3 +14,7 @@ struc BootInfo {
 	.kernel_start dd ?
 	.kernel_size  dd ?
 }
+virtual at 0
+  BootInfo BootInfo
+  sizeof.BootInfo:
+end virtual
diff --git a/kernel/kernel.asm b/kernel/kernel.asm
index 0f35e13..6e2068d 100644
--- a/kernel/kernel.asm
+++ b/kernel/kernel.asm
@@ -19,29 +19,38 @@ db 32 dup(0)
 	;;     EBX - Boot structure address
 	;;
 kmain:
-	xchg bx, bx
-
 	mov esp, stack_top
-	
+
 	cmp eax, STPDBOOT_MAGIC
 	jne .error_magic
 
-	; init memory manager
-	; init idt, gdt
-	; copy boot structure 
-	;call vga_console_clear
+	; Copy boot structure
+	mov ecx, sizeof.BootInfo
+	mov esi, ebx
+	mov edi, boot_structure
 
+	; print hello world 
 	mov [0xC03B0000], dword 0x08740953
 	mov [0xC03B0004], dword 0x05700675
 	mov [0xC03B0008], dword 0x03640469
 	mov [0xC03B000C], dword 0x0153024F
 
-
-	;KLOG_INIT
-
 	mov esi, szMsgKernelAlive
 	call klog
 
+	; init pmm (kend, 0x3B0000)
+	mov eax, kend
+	mov ebx, 0xC03B0000
+	call pmm_init
+
+	; init vmm
+	call mm_init
+
+	; map whole memory
+
+	;  idt, gdt
+
+
 .halt:
 	hlt
 	jmp $
@@ -51,6 +60,7 @@ kmain:
 	call klog
 	jmp .halt
 
+	include 'bootinfo.inc'
 	include 'klog.inc'
 	include 'dev/vga_console.inc'
 	include 'mm/mm.inc'
@@ -58,10 +68,11 @@ kmain:
 szMsgKernelAlive db "Kernel is alive", 0
 szErrorBootProtocol db "Error: wrong magic number", 0
 
-	align 4
+boot_structure BootInfo
+
+	align 4096
 stack_bottom:
 	rb 0x4000
 stack_top:
 
-_end:
-	dd 0x0
+kend:
diff --git a/kernel/klog.inc b/kernel/klog.inc
index d9a9b35..6b7db94 100644
--- a/kernel/klog.inc
+++ b/kernel/klog.inc
@@ -77,16 +77,86 @@ klog_print_date:
 
 	ret
 
+klog_print_hex:
+	push esi
+	mov esi, szHexPrefix
+	call klog_print
+	pop esi
+
+	or edi, edi
+	jz .print_zero
+	push esi
+	mov esi, szKlogBuffer
+	xor cl, cl
+.loop:
+	cmp cl, 8
+	je .print_number
+	rol edi, 4
+	mov eax, edi
+	and eax, 0xF
+	mov al, byte [sDigit + eax]
+	mov [esi], al
+	inc esi
+	inc cl
+	jmp .loop
+.print_zero:
+	mov al, '0'
+	out dx, al
+	jmp .end
+.print_number:
+	mov [esi], byte 0
+	mov esi, szKlogBuffer
+	call klog_print
+	pop esi
+.end:
+	ret
+
 	;; Function: klog
 	;; Output kernel log
 klog:
 	call klog_print_date
 
+.loop:
+	mov al, [esi]
+	or al, al
+	jz .end
+	cmp al, '%'
+	jne .putchar
+	inc esi
+	mov al, [esi]
+	cmp al, '%'
+	je .putchar
+	cmp al, 's'
+	jne .check_x
+	mov edi, esi
+	pop eax
+	pop esi
+	push eax
 	call klog_print
-
+	mov esi, edi
+	jmp .next
+.check_x:
+	cmp al, 'x'
+	jne .unknown_format
+	pop eax
+	pop edi
+	push eax
+	call klog_print_hex
+	jmp .next
+.unknown_format:
+	mov al, '?'
+.putchar:
+	out dx, al
+.next:
+	inc esi
+	jmp .loop
+.end:
 	mov esi, szCRLF
 	call klog_print
 	ret
 
-szTime db '[00:00:00] ', 0
-szCRLF db CR, LF, 0
+szTime       db '[00:00:00] ', 0
+szCRLF       db CR, LF, 0
+sDigit       db '0123456789ABCDEF'
+szHexPrefix  db '0x', 0
+szKlogBuffer db '00000000', 0
diff --git a/kernel/mm/mm.inc b/kernel/mm/mm.inc
index 46a6927..1e5d3eb 100644
--- a/kernel/mm/mm.inc
+++ b/kernel/mm/mm.inc
@@ -2,4 +2,18 @@
 include "pmm.inc"
 
 mm_init:
+	mov esi, szMsgMmInit
+	call klog
+
+	call pmm_alloc_page
+	mov [pKernelPgDir], eax
+
+	push eax
+	mov esi, szMsgMmKernelPgDir
+	call klog
+
 	ret
+
+szMsgMmInit db "MM: initialize", 0
+szMsgMmKernelPgDir db "MM: Kernel page dir at %x", 0
+pKernelPgDir dd ?
diff --git a/kernel/mm/pmm.inc b/kernel/mm/pmm.inc
index 74a6faf..f942f01 100644
--- a/kernel/mm/pmm.inc
+++ b/kernel/mm/pmm.inc
@@ -1,16 +1,79 @@
+	;; File: pmm.inc
 
-	align 4
-;aPhysPageBitmap:
-;	dd 32769 dup(0)
+struc FreeItem {
+	.next dd ?
+}
 
+	;; Function: pmm_init
+	;; 
+	;; In:
+	;;    EAX - Start
+	;;    EBX - End
 pmm_init:
+	push eax
+	mov esi, szMsgPmmInit
+	call klog
+	pop eax
+
+	call pmm_free_range
 	ret
 
 pmm_alloc_page:
+	cmp [pFreeList], 0
+	je .error
+	mov eax, [pFreeList]
+	mov edx, [eax]
+	mov [pFreeList], edx
 	ret
-
-pmm_free_range:
+.error:
+	mov esi, szErrorNoMemLeft
+	call klog
+	xor eax, eax
 	ret
 
 pmm_free_page:
+	or eax, eax
+	jz @f
+	mov edx, [pFreeList]
+	mov [eax], edx
+	mov [pFreeList], eax
+@@:
 	ret
+
+	;; Function: pmm_free_range
+	;; TODO: allignment 
+	;; In:
+	;;    EAX - Start
+	;;    EBX - End
+pmm_free_range:
+	push ebp
+	mov ebp, esp
+	sub esp, 0x10
+	mov [ebp-4], eax
+	mov [ebp-8], ebx
+
+	push ebx
+	push eax
+	mov esi, szMsgPmmFreeRange
+	call klog
+
+	xchg bx, bx
+
+	mov esi, [ebp-4]
+.loop:
+	mov eax, [pFreeList]
+	mov [esi], eax
+	mov [pFreeList], esi
+
+	add esi, 4096
+	cmp esi, [ebp-8]
+	jb .loop
+
+
+	leave
+	ret
+
+pFreeList dd 0
+szMsgPmmInit      db "PMM: initialize", 0
+szMsgPmmFreeRange db "PMM: add free memory range %x - %x", 0
+szErrorNoMemLeft  db "Error: no free memory left", 0