diff --git a/format/pyrdp/pdu/client_data.go b/format/pyrdp/pdu/client_data.go
index 23436024..fb939180 100644
--- a/format/pyrdp/pdu/client_data.go
+++ b/format/pyrdp/pdu/client_data.go
@@ -54,7 +54,7 @@ var clientDataMap = scalar.UintMapSymStr{
 CLIENT_CLUSTER: "cluster",
 }
 
-func ParseClientData(d *decode.D, length int64) {
+func parseClientData(d *decode.D, length int64) {
 d.FieldStruct("client_data", func(d *decode.D) {
 header := d.FieldU16("header", clientDataMap)
 dataLen := int64(d.FieldU16("length") - 4)
diff --git a/format/pyrdp/pdu/client_info.go b/format/pyrdp/pdu/client_info.go
index 0bdd8e09..60ab9587 100644
--- a/format/pyrdp/pdu/client_info.go
+++ b/format/pyrdp/pdu/client_info.go
@@ -8,7 +8,7 @@ import (
 "github.com/wader/fq/pkg/scalar"
 )
 
-func ParseClientInfo(d *decode.D, length int64) {
+func parseClientInfo(d *decode.D, length int64) {
 d.FieldStruct("client_info", func(d *decode.D) {
 pos := d.Pos()
 var (
diff --git a/format/pyrdp/pdu/clipboard_data.go b/format/pyrdp/pdu/clipboard_data.go
index 8fa202d9..076d4c8f 100644
--- a/format/pyrdp/pdu/clipboard_data.go
+++ b/format/pyrdp/pdu/clipboard_data.go
@@ -54,7 +54,7 @@ var cbParseFnMap = map[uint16]interface{}{
 CB_FORMAT_DATA_RESPONSE: parseCbFormatDataResponse,
 }
 
-func ParseClipboardData(d *decode.D, length int64) {
+func parseClipboardData(d *decode.D, length int64) {
 d.FieldStruct("clipboard_data", func(d *decode.D) {
 msgType := uint16(d.FieldU16("msg_type", cbTypesMap))
 d.FieldU16("msg_flags", cbFlagsMap)
diff --git a/format/pyrdp/pdu/fastpath_input.go b/format/pyrdp/pdu/fastpath_input.go
index 343443b4..76efa22f 100644
--- a/format/pyrdp/pdu/fastpath_input.go
+++ b/format/pyrdp/pdu/fastpath_input.go
@@ -50,7 +50,7 @@ const (
 // FASTPATH_INPUT_EVENT_QOE_TIMESTAMP: 5,
 //}
 
-func ParseFastPathInput(d *decode.D, length int64) {
+func parseFastPathInput(d *decode.D, length int64) {
 d.FieldStruct("fastpath_input", func(d *decode.D) {
 // var (
 // events uint8 = 1
diff --git a/format/pyrdp/pdu/types.go b/format/pyrdp/pdu/types.go
new file mode 100644
index 00000000..0cf30744
--- /dev/null
+++ b/format/pyrdp/pdu/types.go
@@ -0,0 +1,78 @@
+package pdu
+
+import (
+ "github.com/wader/fq/pkg/decode"
+ "github.com/wader/fq/pkg/scalar"
+)
+
+const (
+ // PDU Types.
+ TYPE_FAST_PATH_INPUT = 1 // Ex: scan codes, mouse, etc.
+ TYPE_FAST_PATH_OUTPUT = 2 // Ex: image
+ TYPE_CLIENT_INFO = 3 // Creds on connection
+ TYPE_SLOW_PATH_PDU = 4 // For slow-path PDUs
+ TYPE_CONNECTION_CLOSE = 5 // To advertise the end of the connection
+ TYPE_CLIPBOARD_DATA = 6 // To collect clipboard data
+ TYPE_CLIENT_DATA = 7 // Contains the clientName
+ TYPE_MOUSE_MOVE = 8 // Mouse move event from the player
+ TYPE_MOUSE_BUTTON = 9 // Mouse button event from the player
+ TYPE_MOUSE_WHEEL = 10 // Mouse wheel event from the player
+ TYPE_KEYBOARD = 11 // Keyboard event from the player
+ TYPE_TEXT = 12 // Text event from the player
+ TYPE_FORWARDING_STATE = 13 // Event from the player to change the state of I/O forwarding
+ TYPE_BITMAP = 14 // Bitmap event from the player
+ TYPE_DEVICE_MAPPING = 15 // Device mapping event notification
+ TYPE_DIRECTORY_LISTING_REQUEST = 16 // Directory listing request from the player
+ TYPE_DIRECTORY_LISTING_RESPONSE = 17 // Directory listing response to the player
+ TYPE_FILE_DOWNLOAD_REQUEST = 18 // File download request from the player
+ TYPE_FILE_DOWNLOAD_RESPONSE = 19 // File download response to the player
+ TYPE_FILE_DOWNLOAD_COMPLETE = 20 // File download completion notification to the player
+)
+
+var TypesMap = scalar.UintMapSymStr{
+ TYPE_FAST_PATH_INPUT: "fastpath_input",
+ TYPE_FAST_PATH_OUTPUT: "fastpath_output",
+ TYPE_CLIENT_INFO: "client_info",
+ TYPE_SLOW_PATH_PDU: "slow_path_pdu",
+ TYPE_CONNECTION_CLOSE: "connection_close",
+ TYPE_CLIPBOARD_DATA: "clipboard_data",
+ TYPE_CLIENT_DATA: "client_data",
+ TYPE_MOUSE_MOVE: "mouse_move",
+ TYPE_MOUSE_BUTTON: "mouse_button",
+ TYPE_MOUSE_WHEEL: "mouse_wheel",
+ TYPE_KEYBOARD: "keyboard",
+ TYPE_TEXT: "text",
+ TYPE_FORWARDING_STATE: "forwarding_state",
+ TYPE_BITMAP: "bitmap",
+ TYPE_DEVICE_MAPPING: "device_mapping",
+ TYPE_DIRECTORY_LISTING_REQUEST: "directory_listing_request",
+ TYPE_DIRECTORY_LISTING_RESPONSE: "directory_listing_response",
+ TYPE_FILE_DOWNLOAD_REQUEST: "file_download_request",
+ TYPE_FILE_DOWNLOAD_RESPONSE: "file_download_response",
+ TYPE_FILE_DOWNLOAD_COMPLETE: "file_download_complete",
+}
+
+func noParse(d *decode.D, length int64) {}
+
+var ParsersMap = map[uint16]interface{}{
+ TYPE_FAST_PATH_INPUT: parseFastPathInput,
+ // TYPE_FAST_PATH_OUTPUT: parseFastPathOut,
+ TYPE_CLIENT_INFO: parseClientInfo,
+ // TYPE_SLOW_PATH_PDU: parseSlowPathPDU,
+ TYPE_CONNECTION_CLOSE: noParse,
+ TYPE_CLIPBOARD_DATA: parseClipboardData,
+ TYPE_CLIENT_DATA: parseClientData,
+ // TYPE_MOUSE_MOVE: parseMouseMove,
+ // TYPE_MOUSE_BUTTON: parseMouseButton,
+ // TYPE_MOUSE_WHEEL: parseMouseWheel,
+ // TYPE_KEYBOARD: parseKeyboard,
+ // TYPE_TEXT: parseText,
+ // TYPE_FORWARDING_STATE: parseForwardingState,
+ // TYPE_BITMAP: parseBitmap,
+ // TYPE_DEVICE_MAPPING: parseDeviceMapping,
+ // TYPE_DIRECTORY_LISTING_REQUEST: parseDirectoryListingRequest,
+ // TYPE_DIRECTORY_LISTING_RESPONSE: parseDirectoryListingResponse,
+ // TYPE_FILE_DOWNLOAD_REQUEST: parseFileDownloadRequest,
+ // TYPE_FILE_DOWNLOAD_RESPONSE: parseFileDownloadResponse,
+ // TYPE_FILE_DOWNLOAD_COMPLETE: parseFileDownloadComplete,
+}
diff --git a/format/pyrdp/pdu/util.go b/format/pyrdp/pdu/util.go
deleted file mode 100644
index 3fce295f..00000000
--- a/format/pyrdp/pdu/util.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (c) 2022-2023 GoSecure Inc.
-// Copyright (c) 2024 Flare Systems
-// Licensed under the MIT License
-package pdu
-
-import (
- "fmt"
-
- "github.com/wader/fq/pkg/scalar"
-)
-
-var CharMapper = scalar.UintFn(func(s scalar.Uint) (scalar.Uint, error) {
- char := s.Actual
- s.Sym = fmt.Sprintf("%c", int(char))
- return s, nil
-})
diff --git a/format/pyrdp/pyrdp.go b/format/pyrdp/pyrdp.go
index 39a26834..904245fc 100644
--- a/format/pyrdp/pyrdp.go
+++ b/format/pyrdp/pyrdp.go
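Review bot: `ParsersMap` in the new types.go is declared as `map[uint16]interface{}`, so the parser signatures are never checked at compile time and every caller has to type-assert the looked-up value before calling it; the `pdu.ParsersMap[pduType]` lookup in pyrdp.go's `decodePYRDP` hunk is one such site. Declaring it as `var ParsersMap = map[uint16]func(d *decode.D, length int64){` would make `noParse`, the four active entries and any later-enabled commented entry type-checked, and would let the caller invoke the result directly; the assertion on the pyrdp.go side would then need adjusting, which lies outside the visible hunks. Both exported names also lack the doc comment Go expects: I would add `// TypesMap maps a PYRDP PDU type to its symbolic name.` above `TypesMap` and `// ParsersMap maps a PDU type to the function that decodes its payload; a type without an entry is emitted as raw data by decodePYRDP.` above `ParsersMap`. If the module already targets Go 1.18 or later, `any` reads better than `interface{}` here, though that is cosmetic.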
@@ -14,7 +14,7 @@ import (
 "time"
 
 "github.com/wader/fq/format"
- pyrdp_pdu "github.com/wader/fq/format/pyrdp/pdu"
+ "github.com/wader/fq/format/pyrdp/pdu"
 "github.com/wader/fq/pkg/decode"
 "github.com/wader/fq/pkg/interp"
 "github.com/wader/fq/pkg/scalar"
@@ -33,76 +33,6 @@ func init() {
 interp.RegisterFS(pyrdpFS)
 }
 
-const (
- // PDU Types.
- PDU_FAST_PATH_INPUT = 1 // Ex: scan codes, mouse, etc.
- PDU_FAST_PATH_OUTPUT = 2 // Ex: image
- PDU_CLIENT_INFO = 3 // Creds on connection
- PDU_SLOW_PATH_PDU = 4 // For slow-path PDUs
- PDU_CONNECTION_CLOSE = 5 // To advertise the end of the connection
- PDU_CLIPBOARD_DATA = 6 // To collect clipboard data
- PDU_CLIENT_DATA = 7 // Contains the clientName
- PDU_MOUSE_MOVE = 8 // Mouse move event from the player
- PDU_MOUSE_BUTTON = 9 // Mouse button event from the player
- PDU_MOUSE_WHEEL = 10 // Mouse wheel event from the player
- PDU_KEYBOARD = 11 // Keyboard event from the player
- PDU_TEXT = 12 // Text event from the player
- PDU_FORWARDING_STATE = 13 // Event from the player to change the state of I/O forwarding
- PDU_BITMAP = 14 // Bitmap event from the player
- PDU_DEVICE_MAPPING = 15 // Device mapping event notification
- PDU_DIRECTORY_LISTING_REQUEST = 16 // Directory listing request from the player
- PDU_DIRECTORY_LISTING_RESPONSE = 17 // Directory listing response to the player
- PDU_FILE_DOWNLOAD_REQUEST = 18 // File download request from the player
- PDU_FILE_DOWNLOAD_RESPONSE = 19 // File download response to the player
- PDU_FILE_DOWNLOAD_COMPLETE = 20 // File download completion notification to the player
-)
-
-var pduTypesMap = scalar.UintMapSymStr{
- PDU_FAST_PATH_INPUT: "fastpath_input",
- PDU_FAST_PATH_OUTPUT: "fastpath_output",
- PDU_CLIENT_INFO: "client_info",
- PDU_SLOW_PATH_PDU: "slow_path_pdu",
- PDU_CONNECTION_CLOSE: "connection_close",
- PDU_CLIPBOARD_DATA: "clipboard_data",
- PDU_CLIENT_DATA: "client_data",
- PDU_MOUSE_MOVE: "mouse_move",
- PDU_MOUSE_BUTTON: "mouse_button",
- PDU_MOUSE_WHEEL: "mouse_wheel",
- PDU_KEYBOARD: "keyboard",
- PDU_TEXT: "text",
- PDU_FORWARDING_STATE: "forwarding_state",
- PDU_BITMAP: "bitmap",
- PDU_DEVICE_MAPPING: "device_mapping",
- PDU_DIRECTORY_LISTING_REQUEST: "directory_listing_request",
- PDU_DIRECTORY_LISTING_RESPONSE: "directory_listing_response",
- PDU_FILE_DOWNLOAD_REQUEST: "file_download_request",
- PDU_FILE_DOWNLOAD_RESPONSE: "file_download_response",
- PDU_FILE_DOWNLOAD_COMPLETE: "file_download_complete",
-}
-
-var pduParsersMap = map[uint16]interface{}{
- PDU_FAST_PATH_INPUT: pyrdp_pdu.ParseFastPathInput,
- // PDU_FAST_PATH_OUTPUT: pyrdp_pdu.ParseFastPathOut,
- PDU_CLIENT_INFO: pyrdp_pdu.ParseClientInfo,
- // PDU_SLOW_PATH_PDU: pyrdp_pdu.ParseSlowPathPDU,
- PDU_CONNECTION_CLOSE: noParse,
- PDU_CLIPBOARD_DATA: pyrdp_pdu.ParseClipboardData,
- PDU_CLIENT_DATA: pyrdp_pdu.ParseClientData,
- // PDU_MOUSE_MOVE: pyrdp_pdu.ParseMouseMove,
- // PDU_MOUSE_BUTTON: pyrdp_pdu.ParseMouseButton,
- // PDU_MOUSE_WHEEL: pyrdp_pdu.ParseMouseWheel,
- // PDU_KEYBOARD: pyrdp_pdu.ParseKeyboard,
- // PDU_TEXT: pyrdp_pdu.ParseText,
- // PDU_FORWARDING_STATE: pyrdp_pdu.ParseForwardingState,
- // PDU_BITMAP: pyrdp_pdu.ParseBitmap,
- // PDU_DEVICE_MAPPING: pyrdp_pdu.ParseDeviceMapping,
- // PDU_DIRECTORY_LISTING_REQUEST: pyrdp_pdu.ParseDirectoryListingRequest,
- // PDU_DIRECTORY_LISTING_RESPONSE: pyrdp_pdu.ParseDirectoryListingResponse,
- // PDU_FILE_DOWNLOAD_REQUEST: pyrdp_pdu.ParseFileDownloadRequest,
- // PDU_FILE_DOWNLOAD_RESPONSE: pyrdp_pdu.ParseFileDownloadResponse,
- // PDU_FILE_DOWNLOAD_COMPLETE: pyrdp_pdu.ParseFileDownloadComplete,
-}
-
 func decodePYRDP(d *decode.D) any {
 d.Endian = decode.LittleEndian
 
@@ -112,11 +42,11 @@ func decodePYRDP(d *decode.D) any { pos := d.Pos() size := d.FieldU64("size") // minus the length - pduType := uint16(d.FieldU16("pdu_type", pduTypesMap)) + pduType := uint16(d.FieldU16("pdu_type", pdu.TypesMap)) d.FieldU64("timestamp", scalar.UintActualUnixTimeDescription(time.Millisecond, time.RFC3339Nano)) pduSize := int64(size - 18) - pduParser, ok := pduParsersMap[pduType] + pduParser, ok := pdu.ParsersMap[pduType] if !ok { // catch undeclared parsers if pduSize > 0 { d.FieldRawLen("data", pduSize*8)
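Review bot: `pduSize := int64(size - 18)`, just above the new `pdu.ParsersMap[pduType]` lookup in the second hunk, still wraps when the file-supplied `size` is smaller than 18: the uint64 subtraction underflows and the int64 conversion turns it into a large negative length. The `if pduSize > 0` guard protects only the unknown-type branch; what happens to `pduSize` and `pduParser` in the found-parser branch is outside the hunk, so I cannot tell from here whether a negative length reaches a parser. Validating the header before the lookup, `if size < 18 { d.Fatalf("pdu size %d smaller than 18-byte header", size) }`, would reject the malformed record at one place instead of relying on each parser. `decodePYRDP` begins in the first hunk and ends outside both.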
@@ -136,5 +66,3 @@ func decodePYRDP(d *decode.D) any {
 })
 return nil
 }
-
-func noParse(d *decode.D, length int64) {}