From 01655fbbb0b32e774a69e31a9866597357d32014 Mon Sep 17 00:00:00 2001
From: PTRCoder <pj.de.bruijne@gmail.com>
Date: Fri, 23 Aug 2024 23:44:16 +0200
Subject: [PATCH] Added retrieval of VAddr from input

---
 src/core/hle/service/ac/ac.cpp | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/src/core/hle/service/ac/ac.cpp b/src/core/hle/service/ac/ac.cpp
index 233dbbf49..2fcd7b048 100644
--- a/src/core/hle/service/ac/ac.cpp
+++ b/src/core/hle/service/ac/ac.cpp
@@ -197,12 +197,20 @@ void Module::Interface::ScanAPs(Kernel::HLERequestContext& ctx) {
     // Arg 3 is PID
     const u32 pid = rp.PopPID();
     LOG_WARNING(Service_AC, "PID: {}", pid);
-    // Likely time transpired between consecutive calls of this method.
-    // First call has value 0 or 1. Second call has value 0xFFFF0000.
-    const u32 unknown = rp.Pop<u32>();
-    LOG_WARNING(Service_AC, "val4: {}", unknown);
+    
+    std::shared_ptr<Kernel::Thread> thread = ctx.ClientThread();
+    auto current_process = thread->owner_process.lock();
+    Memory::MemorySystem& memory = ctx->kernel.memory;
+    LOG_WARNING(Service_AC, "Retrieved thread, process and memory");
 
-    std::vector<u8> buffer(size);
+    // According to 3dbrew, the output structure pointer is located 0x100 bytes after the beginning
+    // of cmd_buff
+    VAddr cmd_addr = thread->GetCommandBufferAddress();
+    VAddr buffer_vaddr = cmd_addr + 0x100;
+    u32* buffer_info = static_cast<u32*>(memory.GetPointer());
+    const u32 descr = buffer_info[0];
+    ASSERT(descr == ((size << 14) | 2));    // preliminary check
+    const VAddr output_buffer = buffer_info[1]; // address to output buffer
 
     Network::MacAddress mac = Network::BroadcastMac;
     u32 mac1 = (mac[0] << 8) | (mac[1]);
@@ -218,12 +226,9 @@ void Module::Interface::ScanAPs(Kernel::HLERequestContext& ctx) {
     cmd_buf[16] = 0;
     cmd_buf[17] = 0;   // set to 0 to ignore it
     cmd_buf[18] = (size << 4) | 12; // should be considered correct for mapped buffer
-    cmd_buf[19] = 0;    // if i interpreted the code correctly, this value won't matter
+    cmd_buf[19] = output_buffer;
 
     LOG_WARNING(Service_AC, "Finished setting up command buffer");
-    std::shared_ptr<Kernel::Thread> thread = ctx.ClientThread();
-    auto current_process = thread->owner_process.lock();
-    LOG_WARNING(Service_AC, "Retrieved thread and process");
 
     auto context =
             std::make_shared<Kernel::HLERequestContext>(Core::System::GetInstance().Kernel(), 
@@ -246,8 +251,7 @@ void Module::Interface::ScanAPs(Kernel::HLERequestContext& ctx) {
     IPC::RequestParser rp2(*context);
     rb.Push(rp2.Pop<u32>());
     Kernel::MappedBuffer mapped_buffer = rp2.PopMappedBuffer();
-    mapped_buffer.Read(buffer.data(), 0, buffer.size());
-    rb.PushStaticBuffer(buffer, 0);
+    rb.PushMappedBuffer(mapped_buffer);
     LOG_WARNING(Service_AC, "(STUBBED) called, pid={}, unknown={}", pid, unknown);
 }