
TL;DR
-----

I strongly suggest making a backup copy of pes6.exe before doing anything, just
in case.

1. Put mlpatch.exe in the same folder as pes6.exe
2. Right-click mlpatch.exe -> Run As Administrator
3. Play Master League with no crash :)

Tested with Noche de Lobo 2013-2014 option file but hopefully should work for
any OF that crashes the ML at end of season.

STRANGE MEN BEARING EXES
------------------------

Don't trust them? Good for you, I wouldn't either. For that reason I've
included the source code of the patch, so any programmer can verify and compile
it themselves.

Alternatively, if you know how to use a hex editor you can apply the patch
manually. Here are very quick instructions on how to do that with XVI32:

1. File -> Open -> pes6.exe
2. Search -> Find -> Hex String -> 74 2E 8B 46 04 C1 E8 0A
3. Edit -> Insert String... -> Hex String -> 74 32 85 F6
4. Address -> Goto.. -> Decimal -> 52 -> Relative Down
5. The cursor should now be on the first of a number of CC bytes. Press delete
   EXACTLY four times.
6. File -> Save. You're done.

TECHNICAL DETAILS
-----------------

This patch fixes the ML crash but I still don't have much of an idea about what
exactly in the option file causes it. Neither do I have the time or motivation
to investigate further, I just wanted to be able to play Master League with a
2013-2014 OF and job done there as far as I'm concerned. So these technical
details are for anyone who might want to investigate further, or who is just
interested.

This is not a tutorial. I assume the reader knows how to use a debugger and
understands x86 assembler. I used Win7 32-bit and OllyDbg 1.10.

Ok, so you can play PES6 normally up until it's just about to crash (when you
return to Master League after the last game of the season). At this point you
Alt-Enter to put the game into windowed mode, run your favourite debugger and
attach it to the pes6.exe process. Then go back to PES6 and continue on until
it crashes.

00688A7C  84C9      TEST CL,CL
00688A7E  74 2E     JE SHORT 00688AAE
00688A80  8B46 04   MOV EAX,DWORD PTR DS:[ESI+4]   <-- Crash
00688A83  C1E8 0A   SHR EAX,0A

ESI is zero so it's a standard null pointer dereference. Hmmm...what to do?
Well, looking at the destination of that branch just before the crash point,
it's going to the end of the function and returning 3. How about we just try
that?

00688AAE  B0 03     MOV AL,3
00688AB0  5E        POP ESI
00688AB1  C3        RETN

Setting the PC to 00688AAE and continuing causes another crash at the same
place. Damn. Well I wonder how many times it's going to do this, let's try the
same thing again...Bingo! The game continues and you can now go on to the next
season.

Being that it's a bit inconvenient and user-unfriendly to have to attach a
debugger every new season, how can we fix this permanently? Pretty obvious
really, just patch in a null pointer check. The function entry points here are
aligned, which leaves plenty of room to insert our patch, and all branches are
relative so no addresses need to be fixed up. Easy!

00688A7C  84C9      TEST CL,CL
00688A7E  74 32     JE SHORT 00688AB2
00688A80  85F6      TEST ESI,ESI                   <-- Is ESI zero?
00688A82  74 2E     JE SHORT 00688AB2              <-- We're out of here
00688A84  8B46 04   MOV EAX,DWORD PTR DS:[ESI+4]
00688A87  C1E8 0A   SHR EAX,0A
.
.
00688AB2  B0 03     MOV AL,3
00688AB4  5E        POP ESI
00688AB5  C3        RETN

Remove 4 bytes of alignment padding following the RETN to match the 4 bytes we
added above. And that's it.
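
The byte edits from the hex editor steps and the listings above, as an added
Python example that is not the mlpatch source and not code from the original
author. It works on an in-memory copy and refuses to patch unless the signature,
epilogue and padding bytes match the listing; the function names and the sample
buffer are constructed for illustration.

```python
SIG = bytes.fromhex("742E8B4604C1E80A")  # JE +2E / MOV EAX,[ESI+4] / SHR EAX,0A
INSERT = bytes.fromhex("743285F6")       # JE +32 / TEST ESI,ESI
EPILOGUE = bytes.fromhex("B0035EC3")     # MOV AL,3 / POP ESI / RETN
PAD_OFF = 0x34                           # 00688AB2 - 00688A7E: first CC after RETN


def apply_patch(data):
    """Return a patched copy of data; raise ValueError if any assumption fails."""
    start = data.find(SIG)
    if start < 0:
        raise ValueError("signature not found")
    if data.find(SIG, start + 1) >= 0:
        raise ValueError("signature is not unique")
    # The search string still matches after patching, so detect a second run.
    if start >= 4 and data[start - 4:start] == INSERT:
        raise ValueError("already patched")
    if data[start + PAD_OFF - 4:start + PAD_OFF] != EPILOGUE:
        raise ValueError("epilogue is not where the listing puts it")
    if data[start + PAD_OFF:start + PAD_OFF + 4] != b"\xCC" * 4:
        raise ValueError("fewer than four CC padding bytes after RETN")
    # Insert four bytes before the old JE, drop four padding bytes after RETN.
    out = data[:start] + INSERT + data[start:start + PAD_OFF] + data[start + PAD_OFF + 4:]
    # Both short jumps (at +0 and +4) must land on the relocated MOV AL,3.
    for je in (start, start + 4):
        if out[je] != 0x74 or je + 2 + out[je + 1] != start + PAD_OFF:
            raise ValueError("branch target mismatch")
    return out


def changed_offsets(original, patched):
    """Offsets where two images differ; a size change is itself a failure."""
    if len(original) != len(patched):
        raise ValueError("file size changed")
    return [i for i, (a, b) in enumerate(zip(original, patched)) if a != b]


def make_sample():
    """Constructed stand-in for the function, not bytes from pes6.exe."""
    body = SIG + b"\x90" * (PAD_OFF - 4 - len(SIG)) + EPILOGUE + b"\xCC" * 12
    return b"\x55" * 16 + body + b"\x55" * 16


if __name__ == "__main__":
    sample = make_sample()
    diff = changed_offsets(sample, apply_patch(sample))
    print("bytes changed between offsets", diff[0], "and", diff[-1])
```

Running changed_offsets on your backup copy and a patched pes6.exe shows whether
anything outside this one function was touched.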

So what is this procedure actually doing? I don't know but here's a guess.
Tracing through the code it seems to be looping through teams and doing some
small calculation with each team that gives a result of 0 to 3....what happens
once per season that sounds like that? The only thing I can think of is League
Rating (clubs are rated 4 times per season, leagues are rated only once). That
is a complete guess though and probably wrong. Perhaps someone cleverer than me
can work it out :)

THANKS
------

To all the PES6 editing community, without whom this great game would have died
a long time ago. You guys rock!
