diff --git a/reactos/ntoskrnl/mm/marea.c b/reactos/ntoskrnl/mm/marea.c
index b0e35486469..3844def8e59 100644
--- a/reactos/ntoskrnl/mm/marea.c
+++ b/reactos/ntoskrnl/mm/marea.c
@@ -167,28 +167,44 @@ MmLocateMemoryAreaByAddress(
     PMMSUPPORT AddressSpace,
     PVOID Address_)
 {
-    PMEMORY_AREA Node = (PMEMORY_AREA)AddressSpace->WorkingSetExpansionLinks.Flink;
-    ULONG_PTR Address = (ULONG_PTR)Address_;
+    ULONG_PTR StartVpn = (ULONG_PTR)Address_ / PAGE_SIZE;
+    PEPROCESS Process;
+    PMM_AVL_TABLE Table;
+    PMMADDRESS_NODE Node;
+    PMEMORY_AREA MemoryArea;
+    TABLE_SEARCH_RESULT Result;
+    PMMVAD_LONG Vad;
 
-    DPRINT("MmLocateMemoryAreaByAddress(AddressSpace %p, Address %p)\n",
-           AddressSpace, Address);
+    Process = MmGetAddressSpaceOwner(AddressSpace);
+    Table = (Process != NULL) ? &Process->VadRoot : &MiRosKernelVadRoot;
 
-    while (Node != NULL)
+    Result = MiCheckForConflictingNode(StartVpn, StartVpn, Table, &Node);
+    if (Result != TableFoundNode)
     {
-        if (Address < MA_GetStartingAddress(Node))
-            Node = Node->LeftChild;
-        else if (Address >= MA_GetEndingAddress(Node))
-            Node = Node->RightChild;
-        else
-        {
-            DPRINT("MmLocateMemoryAreaByAddress(%p): %p [%p - %p]\n",
-                   Address, Node, MA_GetStartingAddress(Node), MA_GetEndingAddress(Node));
-            return Node;
-        }
+        return NULL;
     }
 
-    DPRINT("MmLocateMemoryAreaByAddress(%p): 0\n", Address);
-    return NULL;
+    Vad = (PMMVAD_LONG)Node;
+    if (Vad->u.VadFlags.Spare == 0)
+    {
+        /* Check if this is VM VAD */
+        if (Vad->ControlArea == NULL)
+        {
+            /* We store the reactos MEMORY_AREA here */
+            MemoryArea = (PMEMORY_AREA)Vad->FirstPrototypePte;
+        }
+        else
+        {
+            /* This is a section VAD. Store the MAREA here for now */
+            MemoryArea = (PMEMORY_AREA)Vad->u4.Banked;
+        }
+    }
+    else
+    {
+        MemoryArea = (PMEMORY_AREA)Node;
+    }
+
+    return MemoryArea;
 }
 
 PMEMORY_AREA
diff --git a/reactos/ntoskrnl/mm/mmfault.c b/reactos/ntoskrnl/mm/mmfault.c
index 223e0317bb7..8750be3facc 100644
--- a/reactos/ntoskrnl/mm/mmfault.c
+++ b/reactos/ntoskrnl/mm/mmfault.c
@@ -221,6 +221,14 @@ MmAccessFault(IN BOOLEAN StoreInstruction,
 #endif
     }
 
+    /* Handle shared user page, which doesn't have a VAD / MemoryArea */
+    if (PAGE_ALIGN(Address) == (PVOID)MM_SHARED_USER_DATA_VA)
+    {
+        /* This is an ARM3 fault */
+        DPRINT("ARM3 fault %p\n", MemoryArea);
+        return MmArmAccessFault(StoreInstruction, Address, Mode, TrapInformation);
+    }
+
     /* Is there a ReactOS address space yet? */
     if (MmGetKernelAddressSpace())
     {