Initial Register values

[TQN]

I think the initial register values are depend on OS version. On my Win2000 Server, they are:
EAX = 00000000 EBX = 7FFDF000 ECX = 00000101 EDX = FFFFFFFF
ESI = 00000000 EDI = 00000000 EIP = 7C4E87F2 ESP = 0012FFC8
EBP = 0012FFF0
Seam they are same as value of phax.
The loader code on my OS is:
_BaseProcessStart@4:
7C4E87B8 55 push ebp
7C4E87B9 8B EC mov ebp,esp
7C4E87BB 6A FF push 0FFFFFFFFh
7C4E87BD 68 C8 8E 4E 7C push 7C4E8EC8h
7C4E87C2 68 B4 F0 4F 7C push offset __except_handler3 (7C4FF0B4h)
7C4E87C7 64 A1 00 00 00 00 mov eax,dword ptr fs:[00000000h]
7C4E87CD 50 push eax
7C4E87CE 64 89 25 00 00 00 00 mov dword ptr fs:[0],esp
7C4E87D5 51 push ecx
7C4E87D6 51 push ecx
7C4E87D7 51 push ecx
7C4E87D8 53 push ebx
7C4E87D9 56 push esi
7C4E87DA 57 push edi
7C4E87DB 89 65 E8 mov dword ptr [ebp-18h],esp
7C4E87DE 83 65 FC 00 and dword ptr [ebp-4],0
7C4E87E2 6A 04 push 4
7C4E87E4 8D 45 08 lea eax,[ebp+8]
7C4E87E7 50 push eax
7C4E87E8 6A 09 push 9
7C4E87EA 6A FE push 0FFFFFFFEh
7C4E87EC FF 15 4C 13 4E 7C call dword ptr [__imp__NtSetInformationThread@16 (7C4E134Ch)]
7C4E87F2 FF 55 08 call dword ptr [ebp+8] ; EP of program
7C4E87F5 50 push eax
7C4E87F6 E8 40 D7 FF FF call _ExitThread@4 (7C4E5F3Bh)
So, the initial values were changed and depend on the NtSetInformationThread function.
Hope my information can help you, phax.
Regards.