It's becoming hard to obtain a licensed copy of Windows XP. Yet, many IT professionals, including malware analysts, like having Windows XP in their virtualized labs. After all, Windows XP is still running on numerous personal and business systems. Fortunately, you can download a virtualized instance of Windows XP from Microsoft for free if you are running Windows 7 Professional, Enterprise, or Ultimate on your base system. (A variation of this approach seems to work on Windows 8.1, too.)
Microsoft calls this virtualized instance of Windows XP "Windows XP Mode," and distributes it in the Windows Virtual PC format. If you prefer to use VMware Workstation or VMware Player instead of Virtual PC, follow instructions below.
First, download Windows XP Mode from Microsoft. You'll need to go through the Windows validation wizard to confirm you’re running a licensed copy of the appropriate version of Windows 7. You'll have the option of downloading and installing Windows Virtual PC software, but you don't need it if you’ll be using VMware.
Next, install the downloaded Windows XP Mode executable. The installation wizard will give you a chance to specify where the files installed, placing them in "C:Program FilesWindows XP Mode" by default. This folder will contain, among other files, the 1GB+ file "Windows XP Mode base.vhd" representing the hard drive of the Windows XP virtual machine.
Then, launch VMware Workstation or Player. Go to the File > Import Windows XP Mode VM menu.
VMware will launch the wizard that will automatically create the Windows XP VMware virtual machine using the Windows XP Mode files you installed in the previous step.
Using VMware Workstation or Player, power on the Windows XP Mode virtual machine that VMware created.
Lastly, go through the Windows XP setup wizard within the new virtual machine the same way you would do it for a regular Windows XP system.
At this point, you should have a VMware virtual machine running Windows XP. It will be connected to the network using the VMWare "NAT" mode, so if your base system has Internet access, so would the virtual machine.
If using VMware Workstation, take a snapshot of your newly setup Windows XP virtual machine, in case something goes wrong later.
There two other ways of obtaining Windows virtual machines, both using Windows Virtual PC. In both cases, you can download Windows Virtual PC files and convert them into the VMware format by using VMware vCenter Converter or by using File > Import or Export… in VMware Workstation. You can download Windows XP, Vista and 7 virtual machines from Microsoft’s Internet Explorer Application Compatibility VPC Image page. You can also download Windows XP and Vista VMs from the NIST Federal Desktop Core Configuration FDCC page. You’ll need to supply valid Windows licenses to activate these OS instances; you may be able to use them for some time period in a limited manner without activation.
If this topic is interesting to you, take a look at my Reverse-Engineering Malware course. Other related items:
- Using VMware for Malware Analysis
- VMware Network Isolation for a Malware Analysis Lab
- 5 Steps to Building a Malware Analysis Toolkit Using Free Tools