I'm a bit out of options and maybe someone else has an idea.
I've hooked 2 different spots that are both using the WndProc arguments (one being the correct window class WndProc) with 2 different hooking methods, and each time I go from charscreen to ingame the game crashes and their error handler catches it. Both WndProc hooks work completely fine in the main menu/charselect and ofc ingame. But the moment you zone from a big map to the next one or go from charscreen to ingame, it goes boom.
I breakpointed the start of the WndProc function as well as a bit further down the func, and both times I see it being "written" by an instruction "mov edi, [eax-4]" which is located in the .reloc segment of the exe. The return pointer / calling function ptr was always 0.
The "mov edi, [eax-4]" instruction itself does (when the bp gets hit) start with an eax being the eso.exe base addr and then goes upwards through the memory. Sadly I have no fckn clue what it does here, maybe it does a copy of it, reinitializes/recreates the whole shit or does some integrity check... no idea. All I know is that trying to find a reference in IDA always led to some weird / not analysed / .reloc section regions.
Has anyone else been playing with that and had this issue, or maybe has an explanation?