[1.12.1] A very strange crash

[Corthezz]

Hello,
today I stumbled across a very strange and annoying problem I cant find any solution for. My 1.12.1 bot is working fine for every class except druids.
After a few minutes I always get errors like:

Code:

Exception:	0xC0000005 (ACCESS_VIOLATION) at 0023:0070B5F8

The instruction at "0x0070B5F8" referenced memory at "0x00000130".

If I take a look at the instruction at this address I find out that EAX is for some reasons empty:

Code:

MOV EAX,DWORD PTR DS:[EAX+130]

The bot runs 24 hours or even more completely stable on any class BUT DRUIDS. This crash is really only happening on druids (mostly close after a shapeshift).
The adresses where WoW is crashing are not in any way related to the functions I call.
It is always about EAX being empty. The addresses producing this error are always in some kind of graphic functions (atleast thats what i guess since nopping some of those functions turns the wow gamma higher etc.)

I have really no clue what is causing this and also no idea how to start or even what to do.
I tried to look at the call tree of the function that contains the crash instruction however it doesnt lead to the functions I call.

Every function I use is executed by the main thread over a detour in the function found at 0x005A1B60.

At the beginning of my detour I use:
"pushfd",
"pushad"
to save the registers and later
"popad",
"popfd",
to get them back.


Thanks in advance for any help.
If I need to provide more infos you can just tell me

[Frosttall]

Is it always the same thread which crashes and have you tried to compare the callstacks in order to find a function they all have in common?

I'm don't know about the function you're hooking, but are you sure it's only called when everything is in a final state (like at endscene)? You could invalidate something otherwise.

[namreeb]

Can you post the crash log file from the WoW directory? That function is part of their huffman encoding/decoding API, which is used mostly in their rendering engine.

[Corthezz]

The problem was like Frosttall already mentioned inconsistent data. To counter this I moved my detour into the endscene which made my bot a bit slow however fixed the crashes completely.
To grab endscene I detoured CGxDeviceD3d__ISceneEnd which I got from the info dump thread.

Thanks namreeb and frosttall!