diff --git a/source/firm.c b/source/firm.c
index ecf5952..b1f98c7 100755
--- a/source/firm.c
+++ b/source/firm.c
@@ -212,7 +212,12 @@ void main(void)
     loadFirm(firmType, !firmType && updatedSys == !firmSource);
-    patchExceptionHandlersInstall((u8 *)firm + section[2].offset, section[2].size);
+    if(DEVMODE)
+    {
+        u32 arm9SectionNum = 0;
+        for(; (u32)(section[arm9SectionNum].address) >> 24 != 0x08 && arm9SectionNum < 4; arm9SectionNum++);
+        patchExceptionHandlersInstall((u8 *)firm + section[arm9SectionNum].offset, section[arm9SectionNum].size);
+    }
     switch(firmType)
     {
diff --git a/source/patches.c b/source/patches.c
index 6d5f853..1e11fb5 100644
--- a/source/patches.c
+++ b/source/patches.c
@@ -81,9 +81,16 @@ void patchFirmWriteSafe(u8 *pos, u32 size)
 void patchExceptionHandlersInstall(u8 *pos, u32 size)
 {
-    const u8 pattern[] = {0x50, 0x50, 0x9F, 0xE5};
-
-    u32 *off = (u32 *)memsearch(pos, pattern, size, 4) - 1;
+    const u8 pattern[] = {
+        0x18, 0x10, 0x80, 0xE5,
+        0x10, 0x10, 0x80, 0xE5,
+        0x20, 0x10, 0x80, 0xE5,
+        0x28, 0x10, 0x80, 0xE5,
+    }; //i.e when it stores ldr pc, [pc, #-4]
+
+    u32* off = (u32 *)(memsearch(pos, pattern, size, sizeof(pattern)));
+    if(off == NULL) return;
+    off += sizeof(pattern)/4;
     u32 r0 = 0x08000000;
@@ -121,11 +128,12 @@ void patchUnitInfoValueSet(u8 *pos, u32 size)
 void patchKernelFCRAMAndVRAMMappingPermissions(u8 *pos, u32 size)
 {
     //Look for MMU config
-    const u8 pattern[] = {0xC4, 0xDD, 0xFA, 0x1F};
+    const u8 pattern[] = {0x97, 0x05, 0x00, 0x00, 0x15, 0xE4, 0x00, 0x00};
-    u32* off = (u32 *)memsearch(pos, pattern, size, 4);
+    u32 *off = (u32 *)memsearch(pos, pattern, size, 8);
+    while(off != NULL && *off != 0x16416) off--;
-    if(off != NULL) off[1] &= ~(1 << 4); //Clear XN bit
+    if(off != NULL) *off &= ~(1 << 4); //Clear XN bit
 }
 void reimplementSvcBackdoor(u8 *pos, u32 size)
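Review bot: The added `for` loop in firm.c indexes `section[arm9SectionNum]` before it tests `arm9SectionNum < 4`, so when no section has an address in the 0x08 range it reads `section[4]` and then hands that out-of-range index to patchExceptionHandlersInstall on the next line. Swapping the two conditions and guarding the call fixes both: `for(; arm9SectionNum < 4 && (u32)(section[arm9SectionNum].address) >> 24 != 0x08; arm9SectionNum++);` followed by `if(arm9SectionNum < 4) patchExceptionHandlersInstall((u8 *)firm + section[arm9SectionNum].offset, section[arm9SectionNum].size);`. The bound 4 presumably matches the number of entries in the FIRM section table; a short comment saying so, or a named constant, would make the loop self-explanatory. main continues outside the hunk.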
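Review bot: In patchExceptionHandlersInstall, `off += sizeof(pattern)/4;` advances the pointer 16 bytes past the match without checking that it is still inside `pos`..`pos + size`, so a match near the end of the region leaves `off` past the buffer for whatever the remainder of the function (outside this hunk) reads or writes through it; widen the guard to `if(off == NULL || (u8 *)off + sizeof(pattern) >= pos + size) return;`. The silent `return` also means the caller cannot tell that the handler patch was skipped, so a status return may be worth a follow-up if callers depend on it. Separately, `u32* off` departs from the `u32 *off` spelling the same commit uses in the other patches.c hunk. The comment `//i.e when it stores ldr pc, [pc, #-4]` would be clearer as `// str r1, [r0, #imm] sequence that installs the ldr pc, [pc, #-4] vectors` if that is indeed what the four words encode.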
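Review bot: The added `while(off != NULL && *off != 0x16416) off--;` has no lower bound, so if the word 0x16416 does not precede the match it walks backwards past `pos` into memory this function does not own, and the `*off &= ~(1 << 4)` on the next line then clears a bit in an unrelated word. Bound the walk to the buffer and only patch on a real hit: `while(off != NULL && off > (u32 *)pos && *off != 0x16416) off--;` and `if(off != NULL && *off == 0x16416) *off &= ~(1 << 4); //Clear XN bit`. Since this patch widens executable permission on the mapping, a wrong hit is worse than a missed one, which is the argument for the strict equality check. A comment naming what `0x16416` is (going by the existing "Clear XN bit" comment it reads like an MMU descriptor word whose bit 4 is XN) would spare the next reader a trip to the ARM manual; whether the `(u32 *)` cast of the memsearch result is 4-byte aligned depends on memsearch and the pattern's position, so that is worth confirming too.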