EndScene hooking, question

[shikyo]

I noticed the bot I'm writing for WoW was crashing due to race conditions, so I figured learning how to hook EndScene would be a good idea. So, having spent the last 5 or so hours googling, reading and testing others peoples code I've stumbled into a question I can't seem to answer through google alone.

The way most suited to my need seems to be injecting a DLL, finding EndScene through the VMTable and then putting in a little Detour. So far so easy I thought.
The problem I´ve found is that since EndScene is a part of IDirect3DDevice9 I kind of need that device's VTable, the solution I've seen through google are either:

1.Detour CreateDevice and get the address of the VTable.
2.Create your own WNDCLASSEX, Window and eventually D3D Device.

As I see it, the problems with 1 is that I need to be injected during the CreateDevice phase (I'm not). And with 2, although I suppose my device and WoW's device will be pointing to the same EndScene function, it seems rather ghetto... (Or maybe that's just me?)

The third option that seemed somewhat reasonable was to:
Find out the EndScene address inside of d3d9.dll (through IDA or the likes) and then once injected locate the DLL inside of WoW and then the address to EndScene would simply be DllAddressInWow+EndSceneAddressInDll

I know there are even more methods (some more crazy than the other oO), but these three seemed to be the most suitable to my situation.

So, my question (finally) is:
Are there any other method I'm missing to see the VTable or are the first two methods what you'd use as well? If not, could you recommend me/point me in a direction as to where I could keep researching? And thirdly, any opinion about the third method?

[lanman92]

A good way to get the EndScene address is to use the symbols library by Microsoft. I think MaiN made a post about it a while back. Just google for it on this site only and you'll find it pretty quick.

[Cypher]

Number 2 can also **** up rendering in some cases if the parameters you use to create the device don't match the game's device in some aspect. From memory it was primarily the 'windowed' flag giving me trouble...

Number 1 is the 'superior' solution imo, though symbols is also an option if you don't mind requiring an internet connection (as obviously it needs to connect to the symbols server).

For 'public' code I'd pick option 1. For 'private' code either 1 or symbols, depending on your use case.

[shikyo]

Thanks for both your answers.
Kind of just went ahead and did number 2 right after posting. Will look into symbols too though.
And if I ever plan to make it "public" I'll just change it away from the second solution (Right now I'm the only one using it)

[MaiN]

A good way to get the EndScene address is to use the symbols library by Microsoft. I think MaiN made a post about it a while back. Just google for it on this site only and you'll find it pretty quick.

I think it was _Mike, not me.