From 3f11879640c455185d1ed7a6078f77c158f5e1ed Mon Sep 17 00:00:00 2001
From: Hector Martin <marcan@marcan.st>
Date: Wed, 23 Nov 2016 03:57:33 +0900
Subject: [PATCH] ES HLE / WAD boot: hardcode the entrypoint

NAND titles are always started at address 0x3400 with translation off.
The entrypoint in the DOL is ignored.
---
 Source/Core/Core/Boot/Boot_WiiWAD.cpp              | 6 +++++-
 Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_es.cpp | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/Source/Core/Core/Boot/Boot_WiiWAD.cpp b/Source/Core/Core/Boot/Boot_WiiWAD.cpp
index 8fa0e63565..3a54ee03ed 100644
--- a/Source/Core/Core/Boot/Boot_WiiWAD.cpp
+++ b/Source/Core/Core/Boot/Boot_WiiWAD.cpp
@@ -109,7 +109,11 @@ bool CBoot::Boot_WiiWAD(const std::string& _pFilename)
     return false;
 
   pDolLoader->Load();
-  PC = pDolLoader->GetEntryPoint();
+  // NAND titles start with address translation off at 0x3400 (via the PPC bootstub)
+  // The state of other CPU registers (like the BAT registers) doesn't matter much
+  // because the realmode code at 0x3400 initializes everything itself anyway.
+  MSR = 0;
+  PC = 0x3400;
 
   // Pass the "#002 check"
   // Apploader should write the IOS version and revision to 0x3140, and compare it
diff --git a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_es.cpp b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_es.cpp
index fb8abf301c..376bebe327 100644
--- a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_es.cpp
+++ b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_es.cpp
@@ -968,12 +968,12 @@ IPCCommandResult CWII_IPC_HLE_Device_es::IOCtlV(u32 _CommandAddress)
           if (pDolLoader->IsValid())
           {
             pDolLoader->Load();  // TODO: Check why sysmenu does not load the DOL correctly
-            // WADs start with address translation off at the given entry point.
+            // NAND titles start with address translation off at 0x3400 (via the PPC bootstub)
             //
             // The state of other CPU registers (like the BAT registers) doesn't matter much
-            // because the WAD initializes everything itself anyway.
+            // because the realmode code at 0x3400 initializes everything itself anyway.
             MSR = 0;
-            PC = pDolLoader->GetEntryPoint();
+            PC = 0x3400;
             bSuccess = true;
           }
           else