diff --git a/firmware_symbols.h.S b/firmware_symbols.h.S
index 9dc6ad9..050393b 100644
--- a/firmware_symbols.h.S
+++ b/firmware_symbols.h.S
@@ -25,6 +25,8 @@
 #define pathdup_from_user 0x1b3b3c // FIXME: unsure of the name!
 #define copy_from_user 0xE26C
 #define copy_to_user 0xE050
+#define alloc_and_copy_from_user 0x1b3CFC
+#define strdup_from_user 0x1B8A60
 #define alloc 0x62088
 #define free 0x624c8
 #define USBRegisterDriver 0xd22d8
@@ -57,6 +59,12 @@
 #define rtoc_entry_1 0xf08
 #define rtoc_entry_2 -0x6a00
+#define lv2_printf 0x28A654
+#define lv2_printf_null 0x28F050
+#define hvsc107_1 0xE5E8
+#define hvsc107_2 0xE67C
+#define hvsc107_3 0xE4B8
+
 // Payload bases
 #define MEM_BASE2 (0x50B3C)
@@ -296,7 +304,7 @@
 #define pathdup_from_user 0x1b3d08 // FIXME: unsure of the name!
 #define copy_from_user 0xE300
 #define copy_to_user 0xE0FC
-#define alloc_and_copy_from_user 0x0x1b3EC8
+#define alloc_and_copy_from_user 0x1b3EC8
 #define strdup_from_user 0x1B8C38
 #define strlen_from_user 0x285BE4
 #define alloc 0x61cf0
@@ -331,6 +339,12 @@
 #define rtoc_entry_1 0xd58
 #define rtoc_entry_2 -0x6b08
+#define lv2_printf 0x28A11C
+#define lv2_printf_null 0x28EB78
+#define hvsc107_1 0xE534
+#define hvsc107_2 0xE664
+#define hvsc107_3 0xE6F8
+
 // Payload bases
 #define MEM_BASE2 (0x50608)
@@ -528,4 +542,21 @@
 #endif
+#ifndef lv2_printf
+#define lv2_printf 0
+#endif
+#ifndef lv2_printf_null
+#define lv2_printf_null 0
+#endif
+
+#ifndef hvsc107_1
+#define hvsc107_1 0
+#endif
+#ifndef hvsc107_2
+#define hvsc107_2 0
+#endif
+#ifndef hvsc107_3
+#define hvsc107_3 0
+#endif
+
 #endif /* __FIRMWARE_SYMBOLS_H_S__ */
diff --git a/patch_table.h.S b/patch_table.h.S
index 5db993d..8be18b6 100644
--- a/patch_table.h.S
+++ b/patch_table.h.S
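Review bot: The `#ifndef … #define … 0` fallbacks added at the end of firmware_symbols.h.S turn a missing per-firmware address into a valid-looking patch target of 0, so a firmware block that never defined hvsc107_1..3 or lv2_printf* still satisfies every consumer that reads them. The fallback group should say what 0 means so that whoever uses these symbols knows to test for it, e.g. a comment above it: `// 0 means "address unknown for this firmware": test before using as a patch target`. The `0x0x1b3EC8` fix in the third hunk shows these values are typed by hand, and the new alloc_and_copy_from_user / strdup_from_user entries in the first hunk carry no confidence marker even though the neighbouring pathdup_from_user keeps its `// FIXME: unsure of the name!` — it is unclear how verified those two names are.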
@@ -48,6 +48,13 @@ patch_table:
 PATCH_INST(patch_func9 + patch_func9_offset, nop)
 #ifdef __SYSCALL_HANDLER_H_S__
 PATCH_BRANCH_MEM2 (patch_syscall_func, bl, syscall_handler)
+#endif
+#ifdef __PRINT_DEBUG_H_S__
+ //PATCH_BRANCH_MEM2(lv2_printf_null + 8, b, print_debug)
+ //PATCH_BRANCH_MEM2(lv2_printf_null, b, print_debug)
+ PATCH_BRANCH_MEM2(hvsc107_1, bl, print_hvsc107)
+ PATCH_BRANCH_MEM2(hvsc107_2, bl, print_hvsc107)
+ PATCH_BRANCH_MEM2(hvsc107_3, bl, print_hvsc107)
 #endif
 .long 0
diff --git a/payload_dev.S b/payload_dev.S
index 51d1ce6..fca3f76 100644
--- a/payload_dev.S
+++ b/payload_dev.S
@@ -19,11 +19,14 @@
 #include "map_open_path.h.S"
 #include "memory_patching.h.S"
+#include "send_eth.h.S"
 RESIDENT_AREA_START()
 #include "dev_syscalls.h.S"
 #include "open_hook.h.S"
 #include "memory_patching_res.h.S"
+#include "send_eth_res.h.S"
+#include "print_debug.h.S"
 RESIDENT_AREA_END()
 // Include patch_table after all other includes so it picks up on what
@@ -46,7 +49,10 @@ payload_main:
 // Allocate memory and copy PIC functions to it
 LOAD_FUNC_PTR(memory_patching)
 LOAD_FUNC_PTR(map_open_path)
+LOAD_FUNC_PTR(send_eth)
+INIT_SEND_ETH(%r30)
+
 //ADD_SYSCALL (%r30, print_tty_desc, 403)
 ADD_SYSCALL (%r30, syscall_peek_desc, 6)
 ADD_SYSCALL (%r30, syscall_poke_desc, 7)
 ADD_SYSCALL (%r30, syscall_map_open_desc, 35)
diff --git a/print_debug.h.S b/print_debug.h.S
new file mode 100644
index 0000000..cd56b95
--- /dev/null
+++ b/print_debug.h.S
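Review bot: The three `PATCH_BRANCH_MEM2(hvsc107_N, bl, print_hvsc107)` entries are emitted whenever __PRINT_DEBUG_H_S__ is defined, but firmware_symbols.h.S in this same commit falls back to `#define hvsc107_N 0` for firmware versions with no known address, so on such a build the table writes a `bl` at offset 0 instead of skipping the hook. Each entry should be wrapped in a preprocessor test on the address, e.g. `#if hvsc107_1 != 0` / `PATCH_BRANCH_MEM2(hvsc107_1, bl, print_hvsc107)` / `#endif`, and likewise for hvsc107_2 and hvsc107_3. Overwriting the instruction at each site with a `bl` also presumes that site holds the `sc 1` which print_hvsc107 re-issues on the caller's behalf; a comment stating what instruction each hvsc107_N address points at would make that dependency checkable when addresses are added for a new firmware. The patch_table definition begins before this hunk.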
@@ -0,0 +1,94 @@
+/*
+ * print_debug.h.s -- PL3: Print debug string to eth.
+ *
+ * Copyright (C) Youness Alaoui (KaKaRoTo)
+ *
+ * This software is distributed under the terms of the GNU General Public
+ * License ("GPL") version 3, as published by the Free Software Foundation.
+ *
+ */
+
+#ifndef __PRINT_DEBUG_H_S__
+#define __PRINT_DEBUG_H_S__
+
+#include "trace_helpers.h.S"
+
+/*
+print_tty_desc:
+ QUAD_MEM2 (print_tty)
+
+print_tty:
+ mflr %r0
+ stdu %r1, -0x90(%r1)
+ std %r24, 0x70(%r1)
+ std %r25, 0x78(%r1)
+ // 0x80(%r1) == local buffer
+ std %r0, 0xA0(%r1)
+ mr %r24, %r4
+ mr %r25, %r5
+
+ stw %r5, 0x80(%r1)
+ addi %r3, %r1, 0x80
+ mr %r4, %r6
+ li %r5, 4
+ bl ABSOLUTE_MEM2(copy_to_user) // Store 'written' = size
+
+ mr %r3, %r24
+ addi %r4, %r1, 0x80
+ mr %r5, %r25
+ bl ABSOLUTE_MEM2(alloc_and_copy_from_user) // Alloc and copy buffer
+
+ ld %r3, 0x80(%r1)
+ mr %r4, %r25
+ bl send_eth // send kernel-space buffer
+
+ ld %r3, 0x80(%r1)
+ li %r4, 0x27
+ bl ABSOLUTE_MEM2(free) // Free the allocated buffer
+
+ li %r3, 0
+ ld %r0, 0xA0(%r1)
+ ld %r24, 0x70(%r1)
+ ld %r25, 0x78(%r1)
+ addi %r1, %r1, 0x90
+ mtlr %r0
+ blr*/
+
+print_hvsc107:
+ mflr %r0
+ stdu %r1, -0x100(%r1)
+ std %r29, 0xC0(%r1)
+ std %r30, 0xC8(%r1)
+ std %r31, 0xD0(%r1)
+ std %r0, 0xF0(%r1)
+
+ bl store_regs
+ mr %r30, %r11
+ li %r12, 0x10
+ bl send_eth
+ bl load_regs
+
+ sc 1
+
+ ld %r29, 0xC0(%r1)
+ ld %r30, 0xC8(%r1)
+ ld %r31, 0xD0(%r1)
+ ld %r0, 0xF0(%r1)
+ addi %r1, %r1, 0x100
+ mtlr %r0
+ blr
+/*
+print_debug:
+ mflr %r0
+ stdu %r1, -0x70(%r1)
+ std %r0, 0x80(%r1)
+
+ bl send_eth
+
+ li %r3, 0
+ ld %r0, 0x80(%r1)
+ addi %r1, %r1, 0x70
+ mtlr %r0
+ blr
+*/
+#endif /* __PRINT_DEBUG_H_S__ */
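Review bot: print_hvsc107 carries no comment on its register contract: it relies on store_regs/load_regs from trace_helpers.h.S (not in this diff) to preserve the hypercall arguments across `bl send_eth`, and `mr %r30, %r11` / `li %r12, 0x10` are unexplained magic, so a header comment stating which registers store_regs saves, what r11 holds at entry, and what send_eth expects in r12 is needed before the hook can be checked. `mflr %r0` also clobbers r0 before store_regs runs, which is harmless only if nothing the `sc 1` consumes is carried in r0 — confirm. Because the hook forwards the live register state of every hypercall-107 call unencrypted over ethernet, it is only acceptable as dev-build instrumentation; the file header, which currently reads "Print debug string to eth", should say so explicitly, e.g. `* DEV ONLY: forwards hypercall register state over the network in the clear.` The commented-out print_tty and print_debug bodies (and the `li %r4, 0x27` free tag inside them) should be dropped rather than committed in a new file.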