diff --git a/sys/test.cpp b/sys/test.cpp
index 1485e1f..477a8b2 100644
--- a/sys/test.cpp
+++ b/sys/test.cpp
@@ -1,7 +1,11 @@
 
 #include "zcall.h"
 
+constexpr uint64_t prog2 = 0x00000020'00000000;
+
 int main() {
   ZDebug("Testing");
+  ZProcessSpawn(prog2, 0x1000);
+  ZDebug("Return");
   return 0;
 }
diff --git a/zion/include/zcall.h b/zion/include/zcall.h
index 2b35c77..36d28db 100644
--- a/zion/include/zcall.h
+++ b/zion/include/zcall.h
@@ -3,6 +3,17 @@
 #include <stdint.h>
 
 #define Z_THREAD_EXIT 0x01
+
+#define Z_PROCESS_SPAWN 0x10
+
 #define Z_DEBUG_PRINT 0x100
 
 uint64_t ZDebug(const char* message);
+
+// TODO: Move structs into an internal header.
+struct ZProcessSpawnReq {
+  uint64_t elf_base;
+  uint64_t elf_size;
+};
+
+uint64_t ZProcessSpawn(uint64_t elf_base, uint64_t elf_size);
diff --git a/zion/loader/init_loader.cpp b/zion/loader/init_loader.cpp
index 79bb7cf..818262a 100644
--- a/zion/loader/init_loader.cpp
+++ b/zion/loader/init_loader.cpp
@@ -3,27 +3,42 @@
 #include "boot/boot_info.h"
 #include "debug/debug.h"
 #include "loader/elf_loader.h"
+#include "memory/paging_util.h"
 #include "scheduler/process.h"
 #include "scheduler/process_manager.h"
 
 namespace {
 
-const limine_file& GetInitProgram() {
+bool streq(const char* a, const char* b) {
+  while (true) {
+    if (*a == '\0' && *b == '\0') return true;
+    if (*a == '\0' || *b == '\0') {
+      return false;
+    }
+    if (*a != *b) {
+      return false;
+    }
+    a++;
+    b++;
+  }
+}
+
+const limine_file& GetInitProgram(const char* path) {
   const limine_module_response& resp = boot::GetModules();
   dbgln("Dumping modules");
   for (uint64_t i = 0; i < resp.module_count; i++) {
     const limine_file& file = *resp.modules[i];
     dbgln("%s,%m,%x", file.path, file.address, file.size);
-    // TODO eventually compare this file path.
-    return file;
+    if (streq(file.path, path)) return file;
   }
-  panic("No init program found");
+  panic("Program not found: %s", path);
 }
 
 }  // namespace
 
 void LoadInitProgram() {
-  const limine_file& init_prog = GetInitProgram();
+  const limine_file& init_prog = GetInitProgram("/sys/test");
+  const limine_file& prog2 = GetInitProgram("/sys/test2");
 
   SharedPtr<Process> proc = MakeShared<Process>();
   gProcMan->InsertProcess(proc);
@@ -31,5 +46,10 @@ void LoadInitProgram() {
   uint64_t entry =
       LoadElfProgram(proc->cr3(), reinterpret_cast<uint64_t>(init_prog.address),
                      init_prog.size);
+
+  CopyIntoNonResidentProcess(reinterpret_cast<uint64_t>(prog2.address),
+                             prog2.size, proc->cr3(),
+                             proc->vmm().GetNextMemMapAddr(prog2.size));
+
   proc->CreateThread(entry);
 }
diff --git a/zion/memory/virtual_memory.h b/zion/memory/virtual_memory.h
new file mode 100644
index 0000000..a8ac494
--- /dev/null
+++ b/zion/memory/virtual_memory.h
@@ -0,0 +1,58 @@
+#pragma once
+
+#include <stdint.h>
+
+#include "debug/debug.h"
+
+// VirtualMemory class holds a memory space for an individual process.
+//
+// Memory Regions are predefined for simplicity for now. However, in general
+// we try not to rely on these regions being static to allow for flexibility in
+// the future.
+//
+// User Regions (Per Process):
+// 0x00000000 00000000 - 0x0000000F FFFFFFFF : USER_CODE (64 GiB)
+// 0x00000010 00000000 - 0x0000001F FFFFFFFF : USER_HEAP (64 GiB)
+// 0x00000020 00000000 - 0x0000002F FFFFFFFF : MEM_MAP (64 GiB)
+// 0x00000040 00000000 - 0x0000004F FFFFFFFF : IPC_BUF (64 GiB)
+// 0x00007FFF 00000000 - 0x00007FFF FFFFFFFF : USER_STACK (64 GiB)
+//
+// Kernel Regions (Shared across processes):
+// 0xFFFF8000 00000000 - 0xFFFF800F FFFFFFFF : HHDM (64 GiB)
+// 0xFFFFFFFF 40000000 - 0xFFFFFFFF 7FFFFFFF : KERNEL_HEAP (1 GiB)
+// 0xFFFFFFFF 80000000 - 0xFFFFFFFF 80FFFFFF : KERNEL_CODE (16 MiB)
+// 0xFFFFFFFF 90000000 - 0xFFFFFFFF 9FFFFFFF : KERNEL_STACK (256 MiB)
+class VirtualMemory {
+ public:
+  enum MemoryType {
+    UNSPECIFIED,
+    UNMAPPED,
+    USER_CODE,
+    USER_HEAP,
+    MEM_MAP,
+    IPC_BUF,
+    USER_STACK,
+    HHDM,
+    KERNEL_HEAP,
+    KERNEL_CODE,
+    KERNEL_STACK,
+  };
+
+  VirtualMemory() {}
+  VirtualMemory(const VirtualMemory&) = delete;
+  VirtualMemory(VirtualMemory&&) = delete;
+
+  uint64_t GetNextMemMapAddr(uint64_t size) {
+    uint64_t addr = next_memmap_addr_;
+    next_memmap_addr_ += size;
+    if (next_memmap_addr_ >= 0x30'00000000) {
+      panic("OOM: Memmap");
+    }
+    return addr;
+  }
+
+ private:
+  uint64_t cr3_ = 0;
+
+  uint64_t next_memmap_addr_ = 0x20'00000000;
+};
diff --git a/zion/scheduler/process.h b/zion/scheduler/process.h
index 80a669d..20aa2bb 100644
--- a/zion/scheduler/process.h
+++ b/zion/scheduler/process.h
@@ -4,6 +4,7 @@
 
 #include "lib/linked_list.h"
 #include "lib/shared_ptr.h"
+#include "memory/virtual_memory.h"
 
 // Forward decl due to cyclic dependency.
 class Thread;
@@ -21,6 +22,7 @@ class Process {
 
   uint64_t id() const { return id_; }
   uint64_t cr3() const { return cr3_; }
+  VirtualMemory& vmm() { return vmm_; }
 
   void CreateThread(uint64_t entry);
   SharedPtr<Thread> GetThread(uint64_t tid);
@@ -34,6 +36,7 @@ class Process {
  private:
   Process(uint64_t id, uint64_t cr3) : id_(id), cr3_(cr3) {}
   uint64_t id_;
+  VirtualMemory vmm_;
   uint64_t cr3_;
   State state_;
 
diff --git a/zion/syscall/syscall.cpp b/zion/syscall/syscall.cpp
index 1bd1a4c..4cb2480 100644
--- a/zion/syscall/syscall.cpp
+++ b/zion/syscall/syscall.cpp
@@ -4,6 +4,9 @@
 
 #include "debug/debug.h"
 #include "include/zcall.h"
+#include "loader/elf_loader.h"
+#include "scheduler/process.h"
+#include "scheduler/process_manager.h"
 #include "scheduler/scheduler.h"
 
 #define EFER 0xC0000080
@@ -53,7 +56,16 @@ void InitSyscall() {
   SetMSR(LSTAR, reinterpret_cast<uint64_t>(syscall_enter));
 }
 
-extern "C" void SyscallHandler(uint64_t call_id, char* message) {
+uint64_t ProcessSpawn(ZProcessSpawnReq* req) {
+  dbgln("Proc spawn: %u:%u", req->elf_base, req->elf_size);
+  SharedPtr<Process> proc = MakeShared<Process>();
+  gProcMan->InsertProcess(proc);
+  uint64_t entry = LoadElfProgram(proc->cr3(), req->elf_base, req->elf_size);
+  proc->CreateThread(entry);
+  return 0;
+}
+
+extern "C" uint64_t SyscallHandler(uint64_t call_id, char* message) {
   Thread& thread = gScheduler->CurrentThread();
   switch (call_id) {
     case Z_THREAD_EXIT:
@@ -63,7 +75,10 @@ extern "C" void SyscallHandler(uint64_t call_id, char* message) {
     case Z_DEBUG_PRINT:
       dbgln("[%u.%u] [Debug] %s", thread.pid(), thread.tid(), message);
       break;
+    case Z_PROCESS_SPAWN:
+      return ProcessSpawn(reinterpret_cast<ZProcessSpawnReq*>(message));
     default:
       panic("Unhandled syscall number: %u", call_id);
   }
+  return 1;
 }
diff --git a/zion/usr/zcall.cpp b/zion/usr/zcall.cpp
index 8b2f285..75dbd1f 100644
--- a/zion/usr/zcall.cpp
+++ b/zion/usr/zcall.cpp
@@ -11,3 +11,11 @@ uint64_t SysCall1(uint64_t number, const void* first) {
 uint64_t ZDebug(const char* message) {
   return SysCall1(Z_DEBUG_PRINT, message);
 }
+
+uint64_t ZProcessSpawn(uint64_t elf_base, uint64_t elf_size) {
+  ZProcessSpawnReq req{
+      .elf_base = elf_base,
+      .elf_size = elf_size,
+  };
+  return SysCall1(Z_PROCESS_SPAWN, &req);
+}