From 3f0e52d3b65f2e9b65059f5dcebcf69b6ca76bc3 Mon Sep 17 00:00:00 2001
From: Seliaste <aena.aria@posteo.net>
Date: Wed, 25 Mar 2026 15:18:01 +0100
Subject: [PATCH] Modified test file to include register values at entry

---
 rsc/upx-hostname.exe.bin_iat_wave1.json | 29 ++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/rsc/upx-hostname.exe.bin_iat_wave1.json b/rsc/upx-hostname.exe.bin_iat_wave1.json
index 5a84741..d21e2a1 100644
--- a/rsc/upx-hostname.exe.bin_iat_wave1.json
+++ b/rsc/upx-hostname.exe.bin_iat_wave1.json
@@ -1 +1,28 @@
-{"entry": "0x10011d7", "calls": [{"adress": "0x10011e6", "name": "KERNEL32.DLL!GetModuleHandleA"}, {"adress": "0x1001243", "name": "MSVCRT.DLL!__set_app_type"}, {"adress": "0x1001258", "name": "MSVCRT.DLL!__p__fmode"}, {"adress": "0x1001266", "name": "MSVCRT.DLL!__p__commode"}, {"adress": "0x10013be", "name": "MSVCRT.DLL!_controlfp"}, {"adress": "0x1001358", "name": "MSVCRT.DLL!_initterm"}, {"adress": "0x10012cb", "name": "MSVCRT.DLL!__getmainargs"}, {"adress": "0x10010f2", "name": "WS2_32.DLL!WSAStartup"}, {"adress": "0x1001160", "name": "WS2_32.DLL!gethostname"}, {"adress": "0x10011ba", "name": "USER32.DLL!CharToOemBuffA"}, {"adress": "0x10011c7", "name": "MSVCRT.DLL!puts"}, {"adress": "0x10011d0", "name": "MSVCRT.DLL!exit"}]}
\ No newline at end of file
+{
+  "entry": "0x10011d7",
+  "calls": [
+    { "adress": "0x10011e6", "name": "KERNEL32.DLL!GetModuleHandleA" },
+    { "adress": "0x1001243", "name": "MSVCRT.DLL!__set_app_type" },
+    { "adress": "0x1001258", "name": "MSVCRT.DLL!__p__fmode" },
+    { "adress": "0x1001266", "name": "MSVCRT.DLL!__p__commode" },
+    { "adress": "0x10013be", "name": "MSVCRT.DLL!_controlfp" },
+    { "adress": "0x1001358", "name": "MSVCRT.DLL!_initterm" },
+    { "adress": "0x10012cb", "name": "MSVCRT.DLL!__getmainargs" },
+    { "adress": "0x10010f2", "name": "WS2_32.DLL!WSAStartup" },
+    { "adress": "0x1001160", "name": "WS2_32.DLL!gethostname" },
+    { "adress": "0x10011ba", "name": "USER32.DLL!CharToOemBuffA" },
+    { "adress": "0x10011c7", "name": "MSVCRT.DLL!puts" },
+    { "adress": "0x10011d0", "name": "MSVCRT.DLL!exit" }
+  ],
+  "entry_reg_values": {
+    "EAX": "0x000cff0c ",
+    "EBX": "0x7efde000  ",
+    "ECX": "0x00000000  ",
+    "EDX": "0x010058c0",
+    "ESI": "0x00000000 ",
+    "EDI": "0x00000000  ",
+    "EBP": "0x000cff94  ",
+    "ESP": "0x000cff8c",
+    "eflags": "0x00000203"
+  }
+}