diff --git a/source/firm.c b/source/firm.c
index 3d52a86..6b983cc 100755
--- a/source/firm.c
+++ b/source/firm.c
@@ -369,7 +369,7 @@ static inline void reimplementSvcBackdoor(void)
 {
 u8 *arm11Section1 = (u8 *)firm + section[1].offset;
- u32 exceptionsPage;
+ u32 *exceptionsPage;
 u32 *svcTable = getSvcAndExceptions(arm11Section1, section[1].size, &exceptionsPage);
@@ -377,11 +377,11 @@ static inline void reimplementSvcBackdoor(void)
 {
 u32 *freeSpace;
- for(freeSpace = (u32 *)exceptionsPage; *freeSpace != 0xFFFFFFFF; freeSpace++);
+ for(freeSpace = exceptionsPage; *freeSpace != 0xFFFFFFFF; freeSpace++);
 memcpy(freeSpace, svcBackdoor, 40);
- svcTable[0x7B] = 0xFFFF0000 + (u32)((u8 *)freeSpace - exceptionsPage);
+ svcTable[0x7B] = 0xFFFF0000 + (u32)((u8 *)freeSpace - (u8 *)exceptionsPage);
 }
 }
diff --git a/source/patches.c b/source/patches.c
index 01d8cee..7d7cd4f 100644
--- a/source/patches.c
+++ b/source/patches.c
@@ -100,13 +100,13 @@ u32 getLoader(u8 *pos, u32 *loaderSize)
 return (u32)(off - pos);
 }
-u32 *getSvcAndExceptions(u8 *pos, u32 size, u32 *exceptionsPage)
+u32 *getSvcAndExceptions(u8 *pos, u32 size, u32 **exceptionsPage)
 {
- const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5};
+ const u8 pattern[] = {0x00, 0xB0, 0x9C, 0xE5}; //cpsid aif
- *exceptionsPage = (u32)memsearch(pos, pattern, size, 4) - 0x2C;
+ *exceptionsPage = (u32 *)(memsearch(pos, pattern, size, 4) - 0x2C);
- u32 svcOffset = (-((*(u32 *)(*exceptionsPage + 8) & 0xFFFFFF) << 2) & 0xFFFFF) - 8; //Branch offset + 8 for prefetch
+ u32 svcOffset = (-(((*exceptionsPage)[2] & 0xFFFFFF) << 2) & (0xFFFFFF << 2)) - 8; //Branch offset + 8 for prefetch
 u32 *svcTable = (u32 *)(pos + *(u32 *)(pos + 0xFFFF0008 - svcOffset - 0xFFF00000 + 8) - 0xFFF00000); //SVC handler address
 while(*svcTable) svcTable++; //Look for SVC0 (NULL)
diff --git a/source/patches.h b/source/patches.h
index 0a6f710..72ad5bc 100644
--- a/source/patches.h
+++ b/source/patches.h
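Review bot: The new `u32 *exceptionsPage;` declaration says nothing about what the pointer refers to, and the only hint is the `0xFFFF0000 + …` arithmetic in the next hunk, which shows it is the in-image copy of the page that presumably ends up mapped at 0xFFFF0000 (the ARM high exception vectors) at runtime. A one-line comment at the declaration saves the reader that reconstruction: `u32 *exceptionsPage; //in-FIRM copy of the exceptions page, mapped at 0xFFFF0000 at runtime`. The returned `svcTable` is used without a check, which is acceptable only while getSvcAndExceptions cannot return NULL; if a not-found path is ever added there, this call site must mirror it. reimplementSvcBackdoor's body continues beyond this hunk.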
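Review bot: The rewritten `for(freeSpace = exceptionsPage; *freeSpace != 0xFFFFFFFF; freeSpace++);` still walks forward with no upper bound, so a page with no 0xFFFFFFFF word sends the scan past the exceptions page into whatever follows it in the FIRM buffer, and the following `memcpy(freeSpace, svcBackdoor, 40);` only knows that the first word is free, not that 40 bytes fit before the page ends. Bounding the scan by the page size and refusing to copy when fewer than 10 words remain closes both gaps; if svcBackdoor is an array in this file, `sizeof svcBackdoor` would also replace the bare `40`. This assumes the free area is a contiguous tail of the page, which the single-word probe already relies on. The block opened by this hunk's `{` has its condition outside the hunk, and the page size is not visible here, so the constant below is a placeholder to be replaced with the real value.
```c
        u32 *freeSpace;
        u32 *pageEnd = exceptionsPage + EXCEPTIONS_PAGE_SIZE / sizeof(u32); /* EXCEPTIONS_PAGE_SIZE: placeholder, substitute the real page size */
        /* stop at the first free word, or at the end of the page */
        for(freeSpace = exceptionsPage; freeSpace < pageEnd && *freeSpace != 0xFFFFFFFF; freeSpace++);
        if(pageEnd - freeSpace < 10) return; /* 40 bytes = 10 words do not fit; leave the SVC table untouched */
        memcpy(freeSpace, svcBackdoor, 40);
        /* … unchanged: svcTable[0x7B] assignment … */
```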
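Review bot: The memsearch result is used unchecked on the new `*exceptionsPage = (u32 *)(memsearch(pos, pattern, size, 4) - 0x2C);` line, so an image without the `cpsid aif` pattern becomes `NULL - 0x2C` followed by a wild read at `(*exceptionsPage)[2]` two lines later; the old code had the same gap, but the pointer rewrite is the natural moment to close it. Assuming memsearch returns a byte pointer (the `- 0x2C` arithmetic implies it), store the match and bail out: `u8 *match = memsearch(pos, pattern, size, 4);` / `if(match == NULL) return NULL;` / `*exceptionsPage = (u32 *)(match - 0x2C);`, with the caller in firm.c then checking the NULL return. The `0x2C` offset and the `[2]` index are undocumented; the `0xFFFF0008` used on the svcTable line shows word 2 is the SVC vector slot, so a comment such as `//pattern sits 0x2C bytes into the page; word 2 is the SVC vector, a backward branch whose 24-bit immediate is a word offset` would make the expression readable. The function's tail runs past the hunk.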
@@ -25,4 +25,4 @@ void *getReboot(u8 *pos, u32 size, u32 process9MemAddr, u32 *fOpenOffset);
 u16 *getFirmWrite(u8 *pos, u32 size);
 u16 *getFirmWriteSafe(u8 *pos, u32 size);
 u32 getLoader(u8 *pos, u32 *loaderSize);
-u32 *getSvcAndExceptions(u8 *pos, u32 size, u32 *exceptionsPage);
\ No newline at end of file
+u32 *getSvcAndExceptions(u8 *pos, u32 size, u32 **exceptionsPage);
\ No newline at end of file