__unhook fails in Debug mode - injected code error

__unhook fails to unhook an event if software is compiled in debug mode.

Visual Studio 8 - SP1

After disassembling I found out:

a) __unhook contains a for loop, which calls __isEqual
b) __isEqual calls __getMAddr()

__getMAddr contains an error. The disassembly:

#injected_line 709 "d:\\sources\\drawings\\jengine\\jengine.h"
// injected
template <class T>
    struct __eventingGetAddr
{
    typedef void ( T::*pmfn_type) ();
    typedef void ( *pgfn_type) ();
    union U
    {
        void *addr;
        void ( T::*pmfn)();
        void ( *pgfn)();
    };
    static pmfn_type __getMAddr(void *addr)
    {
006F1060 55 push ebp
006F1061 8B EC mov ebp,esp
006F1063 81 EC D0 00 00 00 sub esp,0D0h
006F1069 53 push ebx
006F106A 56 push esi
006F106B 57 push edi
006F106C 8D BD 30 FF FF FF lea edi,[ebp-0D0h]
006F1072 B9 34 00 00 00 mov ecx,34h
006F1077 B8 CC CC CC CC mov eax,0CCCCCCCCh
006F107C F3 AB rep stos dword ptr es:[edi]
        U u;
        u.addr = addr;
006F107E 8B 45 08 mov eax,dword ptr [addr]
006F1081 89 45 F4 mov dword ptr [u],eax
        return u.pmfn;
006F1084 8B 45 F4 mov eax,dword ptr [u]
006F1087 8B 55 F8 mov edx,dword ptr [ebp-8]
    }
006F108A 52 push edx
006F108B 8B CD mov ecx,ebp
006F108D 50 push eax
006F108E 8D 15 A4 10 6F 00 lea edx,[ (6F10A4h)]

shows the following:
at the end, even if the pointer copy in address 006F107E/006F1081 is 32-bit,
the return value is 64-bit, address 006F1084/006F1087.

In Debug mode [ebp-8] is initialized to 0xCCCCCCCC and later, when this
function returns the comparison fails which results in __unhook failing.

Why does this happen?