Well, after a great search, I find that I have found a working solution. Iโm not saying that the solution works perfectly or works 100% of the time, but I believe that this is the best thing that can be done with the help of the memory that Windows Mobile provides us with.
Here's a rough description of the method (if you need people, I can provide the full source code): a) Use CreateToolhelp32Snapshot to get information about all running processes.
CreateToolhelp32Snapshot (TH32CS_SNAPPROCESS | TH32CS_SNAPNOHEAPS, 0);
b) Take a walk through these processes until you find one that has a list. You will have a PROCESSENTRY32 structure for this process, call it pe32.
PROCESSENTRY32 pe32;
if (! Process32First (hProcessSnap, & pe32))
...
do {...}
while (Process32Next (hProcessSnap, & pe32));
c) Use OpenProcess to get the handle for this process, let it hProcess.
HANDLE hProcess = OpenProcess (PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
d) Starting from pe32.th32MemoryBase + 512 to pe32.th32MemoryBase + 0x02000000 (processes in Windows Mobile 6 have 32 MB memory space) use the VirtualQuery method to obtain information about this region. You will get the MEMORY_BASIC_INFORMATION structure, let it name mbi. Areas of memory will grow by mbi.RegionSize
DWORD dwAddress = pe32.th32MemoryBase + 512;
DWORD dwStopAddress = pe32.th32MemoryBase + 0x02000000;
while (VirtualQuery ((LPVOID) dwAddress, & mbi, sizeof (mbi))) {
...
dwAddress + = mbi.RegionSize;
if (dwAddress> = dwStopAddress) break;
}
e) Make sure mbi.State == MEM_COMMIT and mbi.Protect == PAGE_READWRITE. If both values โโare true, you can write in this area. Also, look at mbi.RegionSize to see if there is enough memory space for your data. If the condition is not met, it will be in the next region. WARNING: You do not know what you will write about. You can break the listview application. More on this later.
if (mbi.State == MEM_COMMIT && mbi.Protect == PAGE_READWRITE) {...}
f) Inside the previous if (all conditions are met): Declare a pointer pointing to mbi.BaseAddress - pe32.th32MemoryBase:
char * membase2 = (char *) mbi.BaseAddress - pe32.th32MemoryBase;
g) Now you can read or write the memory of another process using ReadProcessMemory and WriteProcessMemory! For example, here is my code for reading the contents of a list:
LVITEM lvi, * _lvi;
LPWSTR _item;
TCHAR item [128];
_lvi = (LVITEM *) membase2;
_item = (LPWSTR) membase2;
_item + = 128;
lvi.iSubItem = 1;
lvi.pszText = _item;
lvi.iItem = 0;
lvi.cchTextMax = 64;
WriteProcessMemory (hProcess, _lvi, & lvi, sizeof (LVITEM), NULL);
SendMessage (listHWND, LVM_GETITEMTEXT, (WPARAM) 0, (LPARAM) _lvi);
ReadProcessMemory (hProcess, _item, item, 128, NULL);
wprintf (TEXT ("% s \ n"), item);
h) Final thoughts: the method really works. He was checked by me. However, you should always consider the warning that I mentioned earlier: you do not know where you will write: the memory that you will use, and you can write to it, but you will not be sure what you are writing, Of course, this is the memory of another application, so you can break it. If this is not so important, you can restart it and continue reading your memory! When I tested it, another application did not crush even once, however it was closed only once or twice. Also, if you cannot get it to work, try a different area of โโmemory (step d).