Chapter 2 in our book teaches readers how to set up a safe environment for performing malware analysis in VMs using VMware. The first step in setting up a VM is installing the OS (we recommend Windows XP). For readers that don’t have access to a Windows XP installation CD you may be able to obtain the Windows XP virtual machine that comes free from Microsoft.
One option offered with Windows 7 and Vista was “Windows XP mode” which is designed to allow users to run older programs that aren’t compatible with newer versions of Windows. Windows XP mode is implemented with a virtual machine and we can use that virtual machine for our malware analysis environment. If your version of Windows 7 didn’t come with Windows XP mode you can download it from Microsoft for free.
Windows XP mode comes with Virtual PC which is a Microsoft virtualization product similar to VMware. To use the free Windows XP mode virtual machine you can either perform your malware analysis using the Virtual PC program or you can import the Windows XP mode virtual machine into VMware. To import the Windows XP mode into VMware, you open VMware workstation and File->Import Windows XP mode VM. Once you’ve imported your Windows XP virtual machine into VMware you can install all your malware analysis tools and safely analyze malicious samples as described in our book.