diff -r ca8a1b6995f6 -r 52e343bb8f80 memspy/Driver/Kernel/Include/MemSpyDriverHeap.h
--- a/memspy/Driver/Kernel/Include/MemSpyDriverHeap.h	Tue Aug 31 16:45:49 2010 +0300
+++ b/memspy/Driver/Kernel/Include/MemSpyDriverHeap.h	Wed Sep 01 12:37:10 2010 +0100
@@ -28,39 +28,104 @@
 #include "MemSpyDriverObjectsInternal.h"
 
 // Constants
-// We shouldn't be using any of these any more! -Tomsci
 const TUint KRHeapObjectSize = 0x74;
 const TUint KRAllocatorAndRHeapMemberDataOffset = 4; // 4 bytes past start of allocator address, i.e. skipping the vtable
 const TUint KRHeapMemberDataSize = KRHeapObjectSize - KRAllocatorAndRHeapMemberDataOffset;
 
 // Classes referenced
 class DMemSpyDriverOSAdaption;
-namespace LtkUtils
-	{
-	class RAllocatorHelper;
-	}
+
 
 /**
  * Essentially a mirror of RAllocator and RHeap's layout.
  */
 class RMemSpyDriverRHeapBase
 	{
+public:
+	struct SCell
+        {
+        TInt len; 
+        SCell* next;
+        };
+
+    struct SDebugCell
+        {
+        TInt len;
+        TInt nestingLevel;
+        TInt allocCount;
+        };
+
+    struct _s_align {char c; double d;};
+
+    struct SHeapCellInfo { RHeap* iHeap; TInt iTotalAlloc;	TInt iTotalAllocSize; TInt iTotalFree; TInt iLevelAlloc; SDebugCell* iStranded; };
+	
+    enum {ECellAlignment = sizeof(_s_align)-sizeof(double)};
+	enum {EFreeCellSize = sizeof(SCell)};
+	enum TDebugOp {EWalk=128};
+	enum TCellType
+		{EGoodAllocatedCell, EGoodFreeCell, EBadAllocatedCellSize, EBadAllocatedCellAddress,
+		EBadFreeCellAddress, EBadFreeCellSize};
+	
+    enum TDebugHeapId {EUser=0, EKernel=1};
+
 protected:
     RMemSpyDriverRHeapBase();
 
+public: // Inlines
+    inline TUint8* Base() const { return iBase; }
+    inline TInt Size() const { return iTop - iBase; }
+    inline TInt MaxLength() const { return iMaxLength; }
+
 public: // API
     void PrintInfo();
-	LtkUtils::RAllocatorHelper* Helper();
-	TMemSpyHeapInfo::THeapImplementationType GetTypeFromHelper() const;
+    void CopyObjectDataTo( TMemSpyHeapObjectDataRHeap& aData );
 
 public: // Virtual API
     virtual void Reset();
-	virtual void Close();
+    virtual void AssociateWithKernelChunk( DChunk* aChunk, TLinAddr aAddress, TUint32 aMappingAttributes ) = 0;
+    virtual void DisassociateWithKernelChunk() = 0;
     virtual DChunk& Chunk() = 0;
     virtual const DChunk& Chunk() const = 0;
+    virtual TLinAddr ChunkKernelAddress() const = 0;
+    virtual TBool ChunkIsInitialised() const = 0;
+    virtual TUint ClientToKernelDelta() const = 0;
+    virtual void GetHeapSpecificInfo( TMemSpyHeapInfo& /*aInfo*/ ) const { }
 
-protected:
-	LtkUtils::RAllocatorHelper* iHelper;
+public: // Utilities
+    TBool CheckCell( TAny* aCellAddress, TInt aLength ) const;
+    static TInt AllocatedCellHeaderSize( TBool aDebugLibrary );
+    static TInt FreeCellHeaderSize();
+    static TInt CellHeaderSize( const TMemSpyDriverInternalWalkHeapParamsCell& aCell, TBool aDebugEUser );
+
+public: // From RAllocator
+	TInt iAccessCount;
+	TInt iHandleCount;
+	TInt* iHandles;
+	TUint32 iFlags;
+	TInt iCellCount;
+	TInt iTotalAllocSize;
+
+public: // From RHeap
+	TInt iMinLength;
+	TInt iMaxLength;
+	TInt iOffset;
+	TInt iGrowBy;
+	TInt iChunkHandle;
+	RFastLock iLock;
+	TUint8* iBase;
+	TUint8* iTop;
+	TInt iAlign;
+	TInt iMinCell;
+	TInt iPageSize;
+	SCell iFree;
+	TInt iNestingLevel;
+	TInt iAllocCount;
+    RAllocator::TAllocFail iFailType;
+	TInt iFailRate;
+	TBool iFailed;
+	TInt iFailAllocCount;
+	TInt iRand;
+	TAny* iTestData;
     };
 
 
@@ -72,12 +137,17 @@
     RMemSpyDriverRHeapReadFromCopy( DMemSpyDriverOSAdaption& aOSAdaption );
 
 public: // New API
-    void AssociateWithKernelChunk( DChunk* aChunk, TLinAddr aAddress, TUint32 aMappingAttributes );
+    TInt ReadFromUserAllocator( DThread& aThread );
 
 public: // From RMemSpyDriverRHeapBase
     void Reset();
+    void AssociateWithKernelChunk( DChunk* aChunk, TLinAddr aAddress, TUint32 aMappingAttributes );
+    void DisassociateWithKernelChunk();
     DChunk& Chunk();
     const DChunk& Chunk() const;
+    TLinAddr ChunkKernelAddress() const;
+    TBool ChunkIsInitialised() const;
+    TUint ClientToKernelDelta() const;
 
 protected:
     inline DMemSpyDriverOSAdaption& OSAdaption() { return iOSAdaption; }
@@ -92,7 +162,7 @@
 
     // Calculated delta between client's address space values and actual kernel
     // address of the heap chunk.
-    //TUint iClientToKernelDelta;
+    TUint iClientToKernelDelta;
     };
 
 
@@ -101,21 +171,13 @@
 
 
 
-class RMemSpyDriverRHeapUser : public RMemSpyDriverRHeapBase
+class RMemSpyDriverRHeapUser : public RMemSpyDriverRHeapReadFromCopy
 	{
 public:
     RMemSpyDriverRHeapUser( DMemSpyDriverOSAdaption& aOSAdaption );
-	TInt OpenUserHeap(DThread& aThread, TBool aEuserUdeb);
 
-	DChunk& Chunk() { return *iChunk; }
-	const DChunk& Chunk() const { return *iChunk; }
-
-private:
-    inline DMemSpyDriverOSAdaption& OSAdaption() { return iOSAdaption; }
-
-private:
-    DMemSpyDriverOSAdaption& iOSAdaption;
-	DChunk* iChunk;
+public: // New API
+    TInt ReadFromUserAllocator( DThread& aThread );
     };
 
 
@@ -129,8 +191,8 @@
     void SetKernelHeap( RHeapK& aKernelHeap );
 
 public: // From RMemSpyDriverRHeapBase
-    //void DisassociateWithKernelChunk();
-	void Close();
+    void DisassociateWithKernelChunk();
+    void GetHeapSpecificInfo( TMemSpyHeapInfo& aInfo ) const;
 
 private:
     RHeapK* iKernelHeap;
@@ -142,19 +204,50 @@
     {
 public:
     RMemSpyDriverRHeapKernelInPlace();
-	TInt OpenKernelHeap();
     
+public: // API
+    void FailNext();
+    void SetKernelHeap( RHeapK& aKernelHeap );
 
 public: // From RMemSpyDriverRHeapBase
-    void Close();
-
+    void Reset();
+    void AssociateWithKernelChunk( DChunk* aChunk, TLinAddr aAddress, TUint32 aMappingAttributes );
+    void DisassociateWithKernelChunk();
     DChunk& Chunk();
     const DChunk& Chunk() const;
+    TLinAddr ChunkKernelAddress() const;
+    TBool ChunkIsInitialised() const;
+    TUint ClientToKernelDelta() const;
+    void GetHeapSpecificInfo( TMemSpyHeapInfo& aInfo ) const;
 
-	// Only important member data is the base class's RAllocatorHelper
-	// We do cache the chunk though
+private: // Internal methods
+    void CopyMembersFromKernelHeap();
+
+private: // Internal class
+
+    /**
+     * Used when opening the kernel heap
+     */
+#ifndef __SYMBIAN_KERNEL_HYBRID_HEAP__
+    class RHeapKExtended : public RHeapK
+        {
+    public:
+        inline void FailNext()
+            {
+            SetFailType( RAllocator::EFailNext );
+            SetFailRate( 1 );
+            ResetFailed();
+            ResetFailAllocCount();
+            }
+        inline void SetFailType( TAllocFail aType ) { iFailType = aType; }
+        inline void SetFailRate( TInt aRate ) { iFailRate = aRate; }
+        inline void ResetFailed() { iFailed = EFalse; }
+        inline void ResetFailAllocCount() { iFailAllocCount = 0; }
+        };
+#endif
 private:
-	DChunk* iChunk;
+    RHeapK* iKernelHeap;
+    DChunk* iChunk;
     };