diff --git a/.gitignore b/.gitignore
index d1ae2bd2..db2d7138 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,13 @@
 *.self
 *.dump
 *.h
+*.sfo
+*.ttf
+*.otf
+*.rco
+*.bsf
+*.aac
+*.nv12
 link.res
 log.txt
 lib/
diff --git a/fpPS4.lpi b/fpPS4.lpi
index f25eae97..6971ae3d 100644
--- a/fpPS4.lpi
+++ b/fpPS4.lpi
@@ -874,6 +874,22 @@
         <Filename Value="sys\dev\dev_hid.pas"/>
         <IsPartOfProject Value="True"/>
       </Unit>
+      <Unit>
+        <Filename Value="rtl\hamt.pas"/>
+        <IsPartOfProject Value="True"/>
+      </Unit>
+      <Unit>
+        <Filename Value="rtl\x86_jit.pas"/>
+        <IsPartOfProject Value="True"/>
+      </Unit>
+      <Unit>
+        <Filename Value="rtl\x86_fpdbgdisas.pp"/>
+        <IsPartOfProject Value="True"/>
+      </Unit>
+      <Unit>
+        <Filename Value="rtl\g23tree.pas"/>
+        <IsPartOfProject Value="True"/>
+      </Unit>
     </Units>
   </ProjectOptions>
   <CompilerOptions>
diff --git a/sys/jit/kern_jit.pas b/sys/jit/kern_jit.pas
index f19278fc..0df7962f 100644
--- a/sys/jit/kern_jit.pas
+++ b/sys/jit/kern_jit.pas
@@ -36,17 +36,22 @@ uses
  kern_thr,
  subr_backtrace;
 
-procedure _jit_assert;
+procedure jit_assert(tf_rip:QWORD);
+var
+ td:p_kthread;
 begin
- jit_save_to_sys_save(curkthread);
+ td:=curkthread;
+ jit_save_to_sys_save(td);
+ td^.td_frame.tf_rip:=tf_rip;
  print_error_td('Assert in guest code!');
  Assert(false);
 end;
 
-procedure jit_assert; assembler; nostackframe;
+procedure _jit_assert; assembler; nostackframe;
 asm
  call jit_save_ctx
- jmp  _jit_assert
+ mov  %r14,%rdi
+ jmp  jit_assert
 end;
 
 procedure jit_system_error;
@@ -59,22 +64,31 @@ begin
  Assert(False,'jit_unknow_int');
 end;
 
-procedure _jit_exit_proc;
+procedure jit_exit_proc(tf_rip:QWORD);
+var
+ td:p_kthread;
 begin
- jit_save_to_sys_save(curkthread);
+ td:=curkthread;
+ jit_save_to_sys_save(td);
+ td^.td_frame.tf_rip:=tf_rip;
  print_error_td('TODO:jit_exit_proc');
  Assert(False);
 end;
 
-procedure jit_exit_proc; assembler; nostackframe;
+procedure _jit_exit_proc; assembler; nostackframe;
 asm
  call jit_save_ctx
- jmp  _jit_exit_proc
+ mov  %r14,%rdi
+ jmp  jit_exit_proc
 end;
 
-procedure _jit_cpuid(rax:qword);
+procedure _jit_cpuid(tf_rip,rax:qword);
+var
+ td:p_kthread;
 begin
- jit_save_to_sys_save(curkthread);
+ td:=curkthread;
+ jit_save_to_sys_save(td);
+ td^.td_frame.tf_rip:=tf_rip;
  print_error_td('TODO:jit_cpuid:0x'+HexStr(rax,16));
  Assert(False);
 end;
@@ -130,9 +144,10 @@ asm
 
  //unknow id
  popf
- mov  %rax,%r14
+ mov  %rax,%r15
  call jit_save_ctx
  mov  %r14,%rdi
+ mov  %r15,%rsi
  jmp  _jit_cpuid
 
 
@@ -876,12 +891,14 @@ begin
   $41: //assert?
    begin
     //
-    ctx.builder.call_far(@jit_assert); //TODO error dispatcher
+    op_set_r14_imm(ctx,Int64(ctx.ptr_curr));
+    ctx.builder.call_far(@_jit_assert); //TODO error dispatcher
    end;
 
   $44: //system error?
    begin
     //
+    op_set_r14_imm(ctx,Int64(ctx.ptr_curr));
     ctx.builder.call_far(@jit_system_error); //TODO error dispatcher
     trim_flow(ctx);
    end;
@@ -898,7 +915,8 @@ procedure op_ud2(var ctx:t_jit_context2);
 begin
  //exit proc?
  ctx.builder.int3;
- ctx.builder.call_far(@jit_exit_proc); //TODO exit dispatcher
+ op_set_r14_imm(ctx,Int64(ctx.ptr_curr));
+ ctx.builder.call_far(@_jit_exit_proc); //TODO exit dispatcher
  trim_flow(ctx);
 end;
 
@@ -906,7 +924,8 @@ procedure op_iretq(var ctx:t_jit_context2);
 begin
  //exit proc?
  ctx.builder.int3;
- ctx.builder.call_far(@jit_exit_proc); //TODO exit dispatcher
+ op_set_r14_imm(ctx,Int64(ctx.ptr_curr));
+ ctx.builder.call_far(@_jit_exit_proc); //TODO exit dispatcher
  trim_flow(ctx);
 end;
 
@@ -914,12 +933,14 @@ procedure op_hlt(var ctx:t_jit_context2);
 begin
  //stop thread?
  ctx.builder.int3;
- ctx.builder.call_far(@jit_exit_proc); //TODO exit dispatcher
+ op_set_r14_imm(ctx,Int64(ctx.ptr_curr));
+ ctx.builder.call_far(@_jit_exit_proc); //TODO exit dispatcher
 end;
 
 procedure op_cpuid(var ctx:t_jit_context2);
 begin
- ctx.builder.call_far(@jit_cpuid); //TODO CPUID
+ op_set_r14_imm(ctx,Int64(ctx.ptr_curr));
+ ctx.builder.call_far(@jit_cpuid);
 end;
 
 procedure op_rdtsc(var ctx:t_jit_context2);
diff --git a/sys/jit/kern_jit_dynamic.pas b/sys/jit/kern_jit_dynamic.pas
index 4a35b1c9..14c3d5a2 100644
--- a/sys/jit/kern_jit_dynamic.pas
+++ b/sys/jit/kern_jit_dynamic.pas
@@ -363,7 +363,7 @@ begin
  rw_runlock(entry_chunk_lock);
 end;
 
-function exist_jit_host(src:Pointer;tf_tip:PQWORD):Boolean;
+function exist_jit_host(src:Pointer;tf_tip:PQWORD):Boolean; public;
 var
  blob:p_jit_dynamic_blob;
 begin
diff --git a/sys/kern/kern_dlsym.pas b/sys/kern/kern_dlsym.pas
index a1797940..f9ebcd90 100644
--- a/sys/kern/kern_dlsym.pas
+++ b/sys/kern/kern_dlsym.pas
@@ -400,13 +400,11 @@ type
   lea     :array[0..2] of Byte; //48 8D 3D  lea -7(%rip),%rdi
   offset1 :DWORD; //F9 FF FF FF
   //
-  push_rbp:Byte;  //55
-  and_rsp :DWORD; //48 83 E4 F0
-  //
-  inst    :Word;  //FF 15  call 2(%rip)
-  offset2 :DWORD; //02
+  inst    :Word;  //FF 25  jmp 4(%rip)
+  offset2 :DWORD; //04
   ret     :Byte;  //C3
-  nop2    :Byte;  //90
+  nop1    :Byte;  //90
+  nop2    :Word;  //9090
   addr    :QWORD;
   nid     :QWORD;
   libname :PChar;
@@ -415,20 +413,24 @@ type
 
 const
  c_jmpq64_trampoline:t_jmpq64_trampoline=(lea     :($48,$8D,$3D);offset1:$FFFFFFF9;
-                                          push_rbp:$55;
-                                          and_rsp :($F0E48348);
-                                          inst    :$15FF;offset2:$02;
+                                          inst    :$25FF;offset2:$04;
                                           ret     :$C3;
-                                          nop2    :$90;
+                                          nop1    :$90;
+                                          nop2    :$9090;
                                           addr    :0;
                                           nid     :0;
-                                          libname :nil);
+                                          libname :nil;
+                                          libfrom :nil);
 
-procedure _unresolve_symbol(data:p_jmpq64_trampoline);
+procedure unresolve_symbol(data:p_jmpq64_trampoline);
 var
+ td:p_kthread;
  str:shortstring;
 begin
- jit_save_to_sys_save(curkthread);
+ td:=curkthread;
+ jit_save_to_sys_save(td);
+
+ td^.td_frame.tf_rip:=PQWORD(td^.td_frame.tf_rsp)^;
 
  str:=ps4libdoc.GetFunctName(data^.nid);
  if (str='Unknow') then
@@ -440,6 +442,16 @@ begin
  Assert(false);
 end;
 
+procedure _unresolve_symbol; assembler; nostackframe;
+asm
+ push %rbp
+ movq %rsp,%rbp
+
+ andq  $-16,%rsp //align stack
+
+ call unresolve_symbol
+end;
+
 function get_unresolve_ptr(refobj:p_lib_info;where:Pointer;nid:QWORD;libname:PChar):Pointer;
 var
  stub:p_stub_chunk;
diff --git a/sys/kern/subr_backtrace.pas b/sys/kern/subr_backtrace.pas
index 8cd8d686..ecad10e9 100644
--- a/sys/kern/subr_backtrace.pas
+++ b/sys/kern/subr_backtrace.pas
@@ -275,14 +275,14 @@ begin
    offset1:=QWORD(frame)-QWORD(info.base_addr);
    offset2:=QWORD(frame)-QWORD(info.func_addr);
 
-   Writeln(f,'  offset $00X',HexStr(offset1,6),'  ',info.source,':',info.func,'+$',HexStr(offset2,6));
+   Writeln(f,'  offset $',HexStr(offset1 shr 48,5),'|',HexStr(offset1,6),'  ',info.source,':',info.func,'+$',HexStr(offset2,6));
   end else
   begin
    if (info.base_addr<>0) then
    begin
     offset1:=QWORD(frame)-QWORD(info.base_addr);
 
-    Writeln(f,'  offset $00X',HexStr(offset1,6),'  ',info.source);
+    Writeln(f,'  offset $',HexStr(offset1 shr 48,5),'|',HexStr(offset1,6),'  ',info.source);
    end else
    begin
     Writeln(f,'  $',HexStr(frame),'  ',info.source);