wtf

proxyclient/experiments/dcp.py

@@ -4,6 +4,7 @@ import sys, pathlib
 sys.path.append(str(pathlib.Path(__file__).resolve().parents[1]))
 
 import struct
+from construct import *
 
 from m1n1.setup import *
 from m1n1.shell import run_shell
@@ -137,302 +138,50 @@ mgr.setBrightnessCorrection(65536)
 mgr.set_parameter_dcp(3, [65536], 1)
 mgr.set_parameter_dcp(6, [65536], 1)
 
-swap_rec = unhex(f"""
-/*000*/ 2e 9e fe 55 00 00 00 00  dd 3e 6b 6b 00 00 00 00
-/*010*/ 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
-/*020*/ f6 7f be 5d fe ca 99 00  00 00 00 00 00 00 00 00
-/*030*/ 65 bb 81 6b 00 00 00 00  00 00 00 00 00 00 00 00
-/*040*/ 02 12 86 00 00 00 00 00  04 00 00 00 00 00 00 00
+surface_id = 3
 
-/* swap id */
-    {swapid.val:02x} 00 00 00 
+swap_rec = Container(
+    flags1 = 0x861202,
+    flags2 = 0x04,
+    swap_id = swapid.val,
+    surf_ids = [surface_id, 0, 0, 0],
+    src_rect = [[0, 0, 1920, 1080],[0,0,0,0],[0,0,0,0],[0,0,0,0]],
+    surf_flags = [1, 0, 0, 0],
+    surf_unk = [0, 0, 0, 0],
+    dst_rect = [[0, 0, 1920, 1080],[0,0,0,0],[0,0,0,0],[0,0,0,0]],
+    swap_enabled = 0x80000007,
+    swap_completed = 0x80000007,
+)
 
-/* 54: surface ids */
-    03 00 00 00  12 00 00 00  00 00 00 00  00 00 00 00 
+surf = Container(
+    is_tiled = False,
+    unk_1 = False,
+    unk_2 = False,
+    plane_cnt = 0,
+    plane_cnt2 = 0,
+    format = "BGRA",
+    unk_13 = 13,
+    unk_14 = 1,
+    stride = 1920 * 4,
+    pix_size = 4,
+    pel_w = 1,
+    pel_h = 1,
+    offset = 0,
+    width = 1920,
+    height = 1080,
+    buf_size = 1920 * 1080 * 4,
+    surface_id = surface_id,
+    has_comp = True,
+    has_planes = True,
+    has_compr_info = False,
+    unk_1f5 = 0,
+    unk_1f9 = 0,
+)
 
-/* 64: surface dimensions */
-/*                        w            h */
-00 00 00 00  00 00 00 00  80 07 00 00  38 04 00 00 
-00 00 00 00  00 00 00 00  80 00 00 00  80 00 00 00
-00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
-00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
+iova = 0x7e0000
 
-/* a4: valid flags ? */
-    01 00 00 00  01 00 00 00  00 00 00 00  00 00 00 00
-
-/* b4: unk */
-    00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
-
-/* surface rects */
-/* x             y            w            h */
-   00 00 00 00   00 00 00 00  80 07 00 00  38 04 00 00
-   00 01 00 00   00 01 00 00  80 00 00 00  80 00 00 00
-   00 00 00 00   00 00 00 00  00 00 00 00  00 00 00 00
-   00 00 00 00   00 00 00 00  00 00 00 00  00 00 00 00
-
-/*100*/             07 00 00 80  07 00 00 80 00 00 00 ff
-/*                  enabled....  completed..    */
-
-/*110*/ 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
-""") + b"\x00" * (0x2c0 - 0x120) + unhex("""
-    00 00 00 00 00 00 00 00  00 00 00 01 00 00 00 00
-    00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
-    00 00 00 01 00 00 00 00  00 00 00 00 00 00 00 00
-""") + b"\x00" * (0x320 - 0x2f0)
-
-swap_rec = unhex(f"""
-/*000*/ 2e 9e fe 55 00 00 00 00  dd 3e 6b 6b 00 00 00 00
-/*010*/ 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
-/*020*/ f6 7f be 5d fe ca 99 00  00 00 00 00 00 00 00 00
-/*030*/ 65 bb 81 6b 00 00 00 00  00 00 00 00 00 00 00 00
-/*040*/ 02 12 86 00 00 00 00 00  04 00 00 00 00 00 00 00
-
-/* swap id */
-    {swapid.val:02x} 00 00 00 
-
-/* 54: surface ids */
-    03 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00 
-
-/* 64: src rects */
-/*                        w            h */
-00 00 00 00  00 00 00 00  80 07 00 00  38 04 00 00 
-00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
-00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
-00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
-
-/* a4: valid flags ? */
-    01 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
-
-/* b4: unk */
-    00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00
-
-/* dst rects */
-/* x             y            w            h */
-   00 00 00 00   00 00 00 00  80 07 00 00  38 04 00 00
-   00 00 00 00   00 00 00 00  00 00 00 00  00 00 00 00
-   00 00 00 00   00 00 00 00  00 00 00 00  00 00 00 00
-   00 00 00 00   00 00 00 00  00 00 00 00  00 00 00 00
-
-/*100*/             07 00 00 80  07 00 00 80 00 00 00 ff
-/*                  enabled....  completed..    */
-
-/*110*/ 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
-""") + b"\x00" * (0x2c0 - 0x120) + unhex("""
-    00 00 00 00 00 00 00 00  00 00 00 01 00 00 00 00
-    00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
-    00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00
-""") + b"\x00" * (0x320 - 0x2f0)
-
-
-assert len(swap_rec) == 0x320
-
-chexdump(swap_rec)
-
-surf_mouse = unhex("""
-    00 00 00 00
-    00 00 00 00
-    00 00 00
-    
-    /* format */
-    41 52 47 42
-    00 00 00 00
-    0D 01 00 02
-    00 00 04 00
-    01 01 00 00
-    00 00
-    
-    80 00 00 00 /* plane width */
-    80 00 00 00 /* plane height */
-    00 00 01 00 /* plane size in bytes */
-    00 00 00 00
-
-    00 00 00 00
-    12 00 00 00
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-    00 00 00 00 00 00 00 00
-    
-    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 AA AA AA AA  
-    AA AA AA                                       
-""")
-
-surf_argb = unhex("""
-    00 00 00 00
-    00 00 00 00
-    00 00 00
-    
-    /* format */
-    41 52 47 42
-    00 00 00 00
-    0D 01
-    
-    00 1e 00 00 /* stride */
-    
-    04 00
-    01 01 00 00
-    00 00
-    
-    80 07 00 00 /* plane width */
-    38 04 00 00 /* plane height */
-    00 90 7e 00 /* plane size in bytes */
-    00 00 00 00
-    
-    00 00 00 00
-    03 00 00 00
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-    00 00 00 00 00 00 00 00
-    
-    01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
-    00 00 00 00 00 00 00 00 00 00 00 00 AA AA AA AA  
-    AA AA AA                                   
-""")
-
-surf = unhex("""
-    00 00 00 02
-    00 00 00 02
-    00 00 00
-    
-    /* format */
-    38 33 62 26
-    
-    00 00 00 00
-    0D 02 80 07
-    00 00 01 00
-    01 01 00 00
-    00 00
-    
-    80 07 00 00 /* plane width */
-    38 04 00 00 /* plane height */
-    00 60 A3 00 /* plane size in bytes */
-    00 00 00 00 00 00 00 00 03 00 00 00 00 AA AA AA AA AA AA
-    AA 00 AA AA AA AA AA AA AA
-    
-    00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
-    
-    80 07 00 00 /* plane width (compressed only?) */
-    38 04 00 00 /* plane height (compressed only?) */
-    00 00 00 00 00 00 00 00
-    
-    00 E0 01 00 00 80 81
-    00 00 04 10 10 AA AA AA AA AA AA AA AA AA AA AA
-    AA AA 05 AA AA AA AA AA AA AA AA AA AA AA AA AA
-    AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA
-    AA AA AA AA AA AA AA AA AA 80 07 00 00 38 04 00
-    00 00 80 81 00 00 80 81 00 00 78 00 00 00 E0 21
-    00 00 01 10 10 AA AA AA AA AA AA AA AA AA AA AA
-    AA AA 05 AA AA AA AA AA AA AA AA AA AA AA AA AA
-    AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA
-    AA AA AA AA AA AA AA AA AA 00 00 00 00 00 00 00
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-    00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00
-    00 10 00 00 00 10 00 00 00 00 80 7F 00 00 00 00
-    00 08 00 00 00 78 00 00 00 44 00 00 00 00 00 00
-    00 03 00 00 00 00 00 00 00 AA AA AA 00 04 00 00
-    00 E0 01 00 AA 10 00 00 00 10 00 00 00 00 60 A1
-    00 00 80 81 00 08 00 00 00 78 00 00 00 44 00 00
-    00 00 00 00 00 03 00 00 00 00 00 00 00 AA AA AA
-    00 01 00 00 00 78 00 00 AA 10 00 00 00 10 00 00
-    00 00 60 A1 00 00 80 81 00 08 00 00 00 78 00 00
-    00 44 00 00 00 00 00 00 00 03 00 00 00 00 00 00
-    00 AA AA AA 00 01 00 00 00 78 00 00 AA 01 00 00
-    00 00 00 00 00 00 00 10 00 00 00 10 00 AA AA AA
-    AA AA AA AA                                    
-""")
-
-surf = unhex("""
-00 00 00 02 00 00 00 02 00 00 00 38 33 62 26 00
-00 00 00 0D 02 80 07 00 00 01 00 01 01 00 80 A3
-00 80 07 00 00 38 04 00 00 00 60 A3 00 00 00 00
-00 00 00 00 00 05 00 00 00 00 AA AA AA AA AA AA
-AA 00 AA AA AA AA AA AA AA 00 00 00 00 00 00 00
-00 01 00 00 00 00 00 00 00 80 07 00 00 38 04 00
-00 00 00 00 00 00 00 00 00 00 E0 01 00 00 80 81
-00 00 04 10 10 AA AA AA AA AA AA AA AA AA AA AA
-AA AA 05 AA AA AA AA AA AA AA AA AA AA AA AA AA
-AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA
-AA AA AA AA AA AA AA AA AA 80 07 00 00 38 04 00
-00 00 80 81 00 00 80 81 00 00 78 00 00 00 E0 21
-00 00 01 10 10 AA AA AA AA AA AA AA AA AA AA AA
-AA AA 05 AA AA AA AA AA AA AA AA AA AA AA AA AA
-AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA
-AA AA AA AA AA AA AA AA AA 00 00 00 00 00 00 00
-00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00
-00 10 00 00 00 10 00 00 00 00 80 7F 00 00 00 00
-00 08 00 00 00 78 00 00 00 44 00 00 00 00 00 00
-00 03 00 00 00 00 00 00 00 AA AA AA 00 04 00 00
-00 E0 01 00 AA 10 00 00 00 10 00 00 00 00 60 A1
-00 00 80 81 00 08 00 00 00 78 00 00 00 44 00 00
-00 00 00 00 00 03 00 00 00 00 00 00 00 AA AA AA
-00 01 00 00 00 78 00 00 AA 10 00 00 00 10 00 00
-00 00 60 A1 00 00 80 81 00 08 00 00 00 78 00 00
-00 44 00 00 00 00 00 00 00 03 00 00 00 00 00 00
-00 AA AA AA 00 01 00 00 00 78 00 00 AA 01 00 00
-00 00 00 00 00 00 00 10 00 00 00 10 00 AA AA AA
-AA AA AA AA                                    
-""")
-
-assert len(surf) == 0x204
-assert len(surf_mouse) == 0x204
-
-surfaces = [surf_argb, None, None, None]
-surfAddr = [0x7e0000, 0, 0, 0]
+surfaces = [surf, None, None, None]
+surfAddr = [iova, 0, 0, 0]
 
 outB = ByRef(False)
 
@@ -449,7 +198,7 @@ p.memset8(buf, 0xff, 65536)
 
 iface.writemem(buf, open("cur1.bin", "rb").read())
 
-disp_dart.iomap_at(0, 0x7e0000, buf, 16<<20)
+disp_dart.iomap_at(0, iova, buf, 16<<20)
 
 disp_dart.regs.dump_regs()
 

proxyclient/m1n1/fw/dcp/ipc.py

@@ -119,7 +119,7 @@ class Method:
 
             if nullable:
                 if array_of_p:
-                    self.in_fields.append((name + "_null") / Array(array_size, bool_))
+                    self.in_fields.append((name + "_null") / bool_[array_size])
                     in_size += array_size
                 else:
                     self.in_fields.append((name + "_null") / bool_)
@@ -388,11 +388,14 @@ def Bool(c):
     return ExprAdapter(c, lambda d, ctx: bool(d & 1), lambda d, ctx: int(d))
 
 def SizedArray(count, svar, subcon):
-    return Lazy(Padded(subcon.sizeof() * count, Array(lambda ctx: ctx.get(svar) or ctx._.get(svar), subcon)))
+    return Padded(subcon.sizeof() * count, Array(lambda ctx: min(count, ctx.get(svar, ctx._.get(svar))), subcon))
 
 def SizedBytes(count, svar):
     return Lazy(Padded(count, Bytes(lambda ctx: ctx.get(svar) or ctx._.get(svar))))
 
+def UnkBytes(s):
+    return Default(HexDump(Bytes(s)), b"\x00" * s)
+
 bool_ = Bool(int8_t)
 
 class OSObject(Construct):
@@ -431,8 +434,8 @@ class OSDictionary(OSObject):
     TYPE = 'd'
 
 FourCC = ExprAdapter(uint32_t,
-                     lambda d, ctx: d.to_bytes(4, "big").decode("ascii"),
-                     lambda d, ctx: int.from_bytes(d.encode("ascii"), "big"))
+                     lambda d, ctx: d.to_bytes(4, "big").decode("latin-1"),
+                     lambda d, ctx: int.from_bytes(d.encode("latin-1"), "big"))
 
 void = None
 
@@ -468,8 +471,100 @@ BufferDescriptor = uint64_t
 SwapCompleteData = Bytes(0x12)
 SwapInfoBlob = Bytes(0x680)
 
-IOMFBSwapRec = Bytes(0x320)
-IOSurface = HexDump(Bytes(0x204))
+SWAP_SURFACES = 4
+
+Rect = NamedTuple("rect", "x y w h", Int32ul[4])
+
+IOMFBSwapRec = Struct(
+    "ts1" / Default(Int64ul, 0),
+    "ts2" / Default(Int64ul, 0),
+    "unk_10" / Default(Int64ul, 0),
+    "unk_18" / Default(Int64ul, 0),
+    "ts64_unk" / Default(Int64ul, 0),
+    "unk_28" / Default(Int64ul, 0),
+    "ts3" / Default(Int64ul, 0),
+    "unk_38" / Default(Int64ul, 0),
+    "flags1" / Hex(Int64ul),
+    "flags2" / Hex(Int64ul),
+    "swap_id" / Int32ul,
+    "surf_ids" / Int32ul[SWAP_SURFACES],
+    "src_rect" / Rect[SWAP_SURFACES],
+    "surf_flags" / Int32ul[SWAP_SURFACES],
+    "surf_unk" / Int32ul[SWAP_SURFACES],
+    "dst_rect" / Rect[SWAP_SURFACES],
+    "swap_enabled" / Hex(Int32ul),
+    "swap_completed" / Hex(Int32ul),
+    "unk_10c" / Hex(Default(Int32ul, 0)),
+    "unk_110" / UnkBytes(0x1b8),
+    "unk_2c8" / Hex(Default(Int32ul, 0)),
+    "unk_2cc" / UnkBytes(0x14),
+    "unk_2e0" / Hex(Default(Int32ul, 0)),
+    "unk_2e4" / UnkBytes(0x3c),
+)
+
+assert IOMFBSwapRec.sizeof() == 0x320
+
+MAX_PLANES = 3
+
+ComponentTypes = Struct(
+    "count" / Int8ul,
+    "types" / SizedArray(7, "count", Int8ul),
+)
+
+#ComponentTypes = Bytes(8)
+
+PlaneInfo = Struct(
+    "width" / Int32ul,
+    "height" / Int32ul,
+    "base" / Hex(Int32ul),
+    "offset" / Hex(Int32ul),
+    "stride" / Hex(Int32ul),
+    "size" / Hex(Int32ul),
+    "tile_size" / Int16ul,
+    "tile_w" / Int8ul,
+    "tile_h" / Int8ul,
+    "unk1" / UnkBytes(0xd),
+    "unk2" / Hex(Int8ul),
+    "unk3" / UnkBytes(0x26),
+)
+
+print(hex(PlaneInfo.sizeof()))
+assert PlaneInfo.sizeof() == 0x50
+
+IOSurface = Struct(
+    "is_tiled" / bool_,
+    "unk_1" / bool_,
+    "unk_2" / bool_,
+    "plane_cnt" / Int32ul,
+    "plane_cnt2" / Int32ul,
+    "format" / FourCC,
+    "unk_f" / Default(Hex(Int32ul), 0),
+    "unk_13" / Int8ul,
+    "unk_14" / Int8ul,
+    "stride" / Int32ul,
+    "pix_size" / Int16ul,
+    "pel_w" / Int8ul,
+    "pel_h" / Int8ul,
+    "offset" / Default(Hex(Int32ul), 0),
+    "width" / Int32ul,
+    "height" / Int32ul,
+    "buf_size" / Hex(Int32ul),
+    "unk_2d" / Default(Int32ul, 0),
+    "unk_31" / Default(Int32ul, 0),
+    "surface_id" / Int32ul,
+    "comp_types" / Default(SizedArray(MAX_PLANES, "plane_cnt", ComponentTypes), []),
+    "has_comp" / Bool(Int64ul),
+    "planes" / Default(SizedArray(MAX_PLANES, "plane_cnt", PlaneInfo), []),
+    "has_planes" / Bool(Int64ul),
+    "compression_info" / Default(SizedArray(MAX_PLANES, "plane_cnt", UnkBytes(0x34)), []),
+    "has_compr_info" / Bool(Int64ul),
+    "unk_1f5" / Int32ul,
+    "unk_1f9" / Int32ul,
+    "padding" / UnkBytes(7),
+)
+
+print(hex(IOSurface.sizeof()))
+assert IOSurface.sizeof() == 0x204
 
 IOMFBColorFixedMatrix = Array(5, Array(3, ulong))
 
@@ -502,7 +597,7 @@ class UnifiedPipeline2(IPCObject):
     D111 = Callback(bool_, "create_backlight_service")
     D116 = Callback(bool_, "start_hardware_boot")
     D118 = Callback(bool_, "is_waking_from_hibernate")
-    D120 = Callback(bool_, "read_edt_data", key=string(0x40), count=uint, value=InOut(SizedArray(8, "count", uint32_t)))
+    D120 = Callback(bool_, "read_edt_data", key=string(0x40), count=uint, value=InOut(Lazy(SizedArray(8, "count", uint32_t))))
 
     D122 = Callback(bool_, "setDCPAVPropStart", length=uint)
     D123 = Callback(bool_, "setDCPAVPropChunk", data=HexDump(SizedBytes(0x1000, "length")), offset=uint, length=uint)
@@ -547,12 +642,13 @@ class IOMobileFramebufferAP(IPCObject):
     A427 = Call(uint32_t, "setBrightnessCorrection", uint)
 
     A435 = Call(uint32_t, "set_block_dcp", arg1=uint64_t, arg2=uint, arg3=uint, arg4=Array(8, ulong), arg5=uint, data=SizedBytes(0x1000, "length"), length=ulong)
-    A439 = Call(uint32_t, "set_parameter_dcp", param=IOMFBParameterName, value=SizedArray(4, "count", ulong), count=uint)
+    A439 = Call(uint32_t, "set_parameter_dcp", param=IOMFBParameterName, value=Lazy(SizedArray(4, "count", ulong)), count=uint)
 
     A440 = Call(uint, "display_width")
     A441 = Call(uint, "display_height")
     A442 = Call(void, "get_display_size", OutPtr(uint), OutPtr(uint))
     A443 = Call(int_, "do_create_default_frame_buffer")
+    A444 = Call(void, "printRegs")
     A447 = Call(int_, "enable_disable_video_power_savings", uint)
     A454 = Call(void, "first_client_open")
     A456 = Call(bool_, "writeDebugInfo", ulong)