diff --git a/libr/anal/p/anal_x86_udis.c b/libr/anal/p/anal_x86_udis.c
index afa8219d3c..dcc905071a 100644
--- a/libr/anal/p/anal_x86_udis.c
+++ b/libr/anal/p/anal_x86_udis.c
@@ -131,7 +131,7 @@ static st64 getval(ud_operand_t *op) {
 	int bits = op->size;
 	switch (op->type) {
 	case UD_OP_PTR:
-		return (op->lval.ptr.seg<<4) | (op->lval.ptr.off & 0xFFFF);
+		return (op->lval.ptr.seg<<4) + (op->lval.ptr.off & 0xFFFF);
 	default:
 		break;
 	}
@@ -385,9 +385,11 @@ default:
 			op->type = R_ANAL_OP_TYPE_UCALL;
 			op->jump = 0; // EAX, EBX, ... use anal->reg
 			break;
+		case UD_OP_PTR:
+			op->jump = (int)getval (&u.operand[0]);
+			break;
 		case UD_OP_IMM:
 		case UD_OP_MEM:
-		case UD_OP_PTR:
 		default:
 			op->jump = addr + oplen + (int)getval (&u.operand[0]);
 		}
diff --git a/libr/bin/p/bin_mz.c b/libr/bin/p/bin_mz.c
index 721425191e..50c723a225 100644
--- a/libr/bin/p/bin_mz.c
+++ b/libr/bin/p/bin_mz.c
@@ -71,8 +71,7 @@ static RList* entries(RBinFile *arch) {
 	if (!(ret = r_list_new ()))
 		return NULL;
 	ret->free = free;
-	off = exe->header_paragraphs * 16L;
-	off += exe->ip; // XXX
+	off = (exe->cs << 4) + exe->ip;
 	if ((ptr = R_NEW (RBinAddr))) {
 		ptr->paddr = off;
 		ptr->vaddr = off;