diff --git a/re_kernel/re_kernel.c b/re_kernel/re_kernel.c
index 757f6f8..5513579 100644
--- a/re_kernel/re_kernel.c
+++ b/re_kernel/re_kernel.c
@@ -524,15 +524,18 @@ static long calculate_offsets() {
 break;
 } else if (binder_node_has_async_transaction_offset == UZERO && (binder_proc_transaction_src[i] & MASK_STRB) == INST_STRB) {
 uint64_t imm12 = bits32(binder_proc_transaction_src[i], 21, 10);
- binder_node_has_async_transaction_offset = sign64_extend((imm12), 16u); // 0x6B
- binder_node_ptr_offset = binder_node_has_async_transaction_offset - 0x13; // 0x58
- binder_node_cookie_offset = binder_node_has_async_transaction_offset - 0xB; // 0x60
- binder_node_async_todo_offset = binder_node_has_async_transaction_offset + 0x5; // 0x70
+ uint64_t offset = sign64_extend((imm12), 16u);
+ if (offset != 0x6B && offset != 0x7B)
+ continue;
+ binder_node_has_async_transaction_offset = offset; // 0x6B
+ binder_node_ptr_offset = offset - 0x13; // 0x58
+ binder_node_cookie_offset = offset - 0xB; // 0x60
+ binder_node_async_todo_offset = offset + 0x5; // 0x70
 // 目前只有 harmony 内核需要特殊设置
- if (binder_node_has_async_transaction_offset == 0x6B) {
+ if (offset == 0x6B) {
 binder_node_lock_offset = 0x4;
 binder_transaction_from_offset = 0x20;
- } else if (binder_node_has_async_transaction_offset == 0x7B) {
+ } else if (offset == 0x7B) {
 binder_node_lock_offset = 0x8;
 binder_transaction_from_offset = 0x28;
 }
diff --git a/re_kernel/re_utils.h b/re_kernel/re_utils.h
index 0ee886a..87b07d2 100644
--- a/re_kernel/re_utils.h
+++ b/re_kernel/re_utils.h
@@ -45,6 +45,7 @@ typedef uint32_t inst_mask_t;
 #define INST_MOV_Rm_2_Rn_WZR 0x2A0203E0u
 #define INST_MOV_Rm_3_Rn_WZR 0x2A0303E0u
 #define INST_MOV_Rm_4_Rn_WZR 0x2A0403E0u
+#define INST_MOV_Rm_WZR 0x2A1F03E0u
 #define INST_MRS_SP_EL0 0xD5384100u
 #define INST_STR_Rn_SP_Rt_3 0xB90003E3u
 #define INST_STR_Rn_SP_Rt_4 0xB90003E4u
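Review bot: The new guard `if (offset != 0x6B && offset != 0x7B) continue;` repeats the two accepted layouts that the `if (offset == 0x6B) … else if (offset == 0x7B)` chain a few lines below already enumerates, so a future layout must be added in two places and, if the lists drift, an offset passing the guard but missing from the chain would set the four binder_node offsets while leaving binder_node_lock_offset and binder_transaction_from_offset at whatever they held before. Folding the rejection into an `else { continue; }` on that chain keeps a single list, and the trailing `// 0x6B`, `// 0x58`, `// 0x60`, `// 0x70` comments should then read `// 0x6B or 0x7B`, `// 0x58 or 0x68`, `// 0x60 or 0x70`, `// 0x70 or 0x80`, since 0x7B is now an accepted value. Note that `continue` also skips anything that follows this else-if chain in the loop body; the loop and calculate_offsets itself both start and end outside the hunk, so confirm nothing there is bypassed. If no STRB with an accepted immediate is found, binder_node_has_async_transaction_offset stays UZERO; the caller's handling of that case is outside the hunk and should treat it as a failure rather than proceeding with unknown struct offsets.
```c
            uint64_t offset = sign64_extend((imm12), 16u);
            // 目前只有 harmony 内核需要特殊设置
            if (offset == 0x6B) {
                binder_node_lock_offset = 0x4;
                binder_transaction_from_offset = 0x20;
            } else if (offset == 0x7B) {
                binder_node_lock_offset = 0x8;
                binder_transaction_from_offset = 0x28;
            } else {
                continue; // not a layout this module knows; keep scanning
            }
            binder_node_has_async_transaction_offset = offset; // 0x6B or 0x7B
            binder_node_ptr_offset = offset - 0x13;            // 0x58 or 0x68
            binder_node_cookie_offset = offset - 0xB;          // 0x60 or 0x70
            binder_node_async_todo_offset = offset + 0x5;      // 0x70 or 0x80
```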
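Review bot: `INST_MOV_Rm_WZR` is added without a comment naming the instruction it encodes, and neither it nor its companion `MASK_MOV_Rm_WZR` in the @@ -83 hunk is referenced by the re_kernel.c change in this diff, so whether a use lands elsewhere in the commit cannot be told from here. Its name also drops the `_Rn_WZR` suffix its neighbours carry, which makes it read as a different shape of pattern than `INST_MOV_Rm_2_Rn_WZR`; `INST_MOV_Rm_WZR_Rn_WZR` would keep the convention. Because these opcodes are hand-encoded, a one-line comment such as `// MOV Wd, WZR (ORR Wd, WZR, WZR); mask ignores sf (bit 31) and Rd` on the INST line would let the next reader verify the value against the mask.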
@@ -83,6 +84,7 @@ typedef uint32_t inst_mask_t;
 #define MASK_MOV_Rm_2_Rn_WZR 0x7FFFFFE0u
 #define MASK_MOV_Rm_3_Rn_WZR 0x7FFFFFE0u
 #define MASK_MOV_Rm_4_Rn_WZR 0x7FFFFFE0u
+#define MASK_MOV_Rm_WZR 0x7FFFFFE0u
 #define MASK_MRS_SP_EL0 0xFFFFFFE0u
 #define MASK_STR_Rn_SP_Rt_3 0xBFC003FFu
 #define MASK_STR_Rn_SP_Rt_4 0xBFC003FFu