diff --git a/snippets/phidecheck.py b/snippets/phidecheck.py
index e03522e..8751eba 100644
--- a/snippets/phidecheck.py
+++ b/snippets/phidecheck.py
@@ -13,19 +13,19 @@ if __name__ == "__main__":
         quit(0)
     # build list from PsActiveProcessHead
-    pActiveProcessList = getOffset("nt", "PsActiveProcessHead")
-    lstTypedActiveProcesses = typedVarList(pActiveProcessList, "nt", "_EPROCESS", "ActiveProcessLinks")
+    pActiveProcessList = getOffset("nt!PsActiveProcessHead")
+    lstTypedActiveProcesses = typedVarList(pActiveProcessList, "nt!_EPROCESS", "ActiveProcessLinks")
     lstActiveProcesses = [process.getAddress() for process in lstTypedActiveProcesses]
-    
+
     # build list from PspCidTable
-    pCidTable = ptrPtr(getOffset("nt", "PspCidTable"))
-    pProcessType = ptrPtr(getOffset("nt", "PsProcessType"))
+    pCidTable = ptrPtr(getOffset("nt!PspCidTable"))
+    pProcessType = ptrPtr(getOffset("nt!PsProcessType"))
     lstProcessTable = ntobj.getListByHandleTable(pCidTable, pProcessType, False)
     # compare lists and print result
     founded = 0
     for processFromTable in lstProcessTable:
-        if (0 == lstActiveProcesses.count(processFromTable)):
-            dprintln("!process 0x%X removed from PsActiveProcessHead" % processFromTable)
+        if (0 == lstActiveProcesses.count( addr64(processFromTable[0]) )):
+            dprintln("!process 0x%X removed from PsActiveProcessHead" % processFromTable[0] )
             founded += 1
     dprintln("checked %u processes" % len(lstProcessTable) + (", %u hidden" % founded if (0 != founded) else ", hidden not found"))
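Review bot: The new comparison normalizes only one side — `addr64()` is applied to the PspCidTable entry but not to the `process.getAddress()` values collected into `lstActiveProcesses`, so if the two sources ever differ in sign-extension the membership test fails silently and a process is reported as hidden (or a hidden one missed) with no indication why; normalizing both sides would make the check symmetric, e.g. `lstActiveProcesses = [addr64(process.getAddress()) for process in lstTypedActiveProcesses]`. The same loop does a linear `list.count()` scan per table entry, which is quadratic in the number of processes; building the set once, `activeProcesses = set(lstActiveProcesses)`, and testing `if addr64(processFromTable[0]) not in activeProcesses:` is both clearer and O(1) per entry. A short comment above the loop stating the intent — an EPROCESS present in PspCidTable but unlinked from PsActiveProcessHead is the DKOM-hiding indicator being checked — would help a reader who does not know the technique, and renaming `founded` to `hidden` would match the summary message. The enclosing `if __name__ == "__main__":` block starts before this hunk.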