Update:  A couple folks pointed out that the VMWare Converter automates most of the issues covered in this post.

On August 20th, 2007 NIST's Federal Desktop Core Configuration project released its initial set of Windows virtual machine images as a security reference. This set has been updated to consist of Windows XP SP2 and Windows Vista SP1, both available free of charge from the FDCC downloads page.

Unfortunately, the FDCC images were released in VHD format for use with Microsoft's Virtual PC product and making use of these images in a third-party virtualization product, such as VMWare, is tricky. This post walks through the process of obtaining, configuring, and using the FDCC Windows XP SP2 image inside of VMWare Workstation on the Linux platform.

The first step is to download the actual image. The VHD is broken into a 6-part zip file that can be obtained from the following links.

FDCC Windows XP SP2 - Part 1
FDCC Windows XP SP2 - Part 2
FDCC Windows XP SP2 - Part 3
FDCC Windows XP SP2 - Part 4
FDCC Windows XP SP2 - Part 5
FDCC Windows XP SP2 - Part 6

Extracting this multi-part zip file on Linux is not straightforward either. First, all 6 parts need to be joined together into one large file.

$ cat FDCC-Q4-2008-XP-VHD.z* > FDCC_XP.zip

Once these have been combined, the zip utility must be used to fix the archive.

$ zip -F FDCC_XP.zip

On many platforms, zip has not been compiled with large file support, so the zip source package must be downloaded and recompiled for this command to work.

Once the archived has been fixed, you can use unzip to extract the actual VHD image. This may also need to be patched for large file format support. The 7-Zip utility should work if convincing unzip to work properly becomes a challenge.

$ 7z x FDCC_XP.zip

The actual VHD image should be extracted and ready to go. VMWare Player users will need to make a VMX file by hand and VMWare Server/Workstation users will have to go through the process of creating a new virtual machine, specifying the VHD file as the disk. If you try to boot this VHD image directly in VMWare, the virtual machine will get to the XP logo and crash on an "inaccessible boot device" STOP error (0x0000007b). The reason is that the VHD image was configured as an IDE disk, but VMWare tries to use a SCSI driver on host systems using SATA drives. To fix this, we need to convert the image to use the VHD as an IDE device.

First, the VMX file needs to be modified to change all occurrences of "scsi" to "ide". Next, the VHD needs to be converted to the VMWare disk format (VMDK) with the following command:

$ vmware-vdiskmanager -r 'XP NIST FDCC Q4 2008 Hard Disk.vhd' -t 1 FDCC_XP.vmdk

The primary VMDK file (FDCC_XP.vmdk) needs to be opened in a text editor and the ddb.adapterType parameter must be changed to "ide" from "BusLogic". Now the VMX file needs to be modified to point to the new VMDK disk image. If everything goes well, the virtual machine should now boot into the Windows operating system. The username is "Renamed_Admin" and the password is "P@ssw0rd123456".

Upon logging in, you will notice that the mouse does not work. Using the keyboard, navigate to the Control Panel from the Start Menu. Access the Add/Remove programs screen and uninstall the "Virtual PC Additions" software package, along with the "Dell Touchpad Driver". Once this has completed, use the VMWare Tools link from the VMWare menu to start installing the VMWare drivers. Note that since Autorun is disabled in the virtual machine, you will need to navigate to the CD-Rom drive and run setup.exe directly (Windows-key, Run, D:\Setup).

Once the VMWare Tools installation completes, allow the system to restart. If everything went well, the mouse should be working and the display should auto-size itself. Removing the "Virtual PC Additions" package also fixes an issue where the image hangs on reboot and must be power cycled. A copy of the finished VMX file can be obtained at:

http://metasploit.com/users/hdm/tools/FDCCWinXP.vmx

This conversion process should work for nearly any other VHD image released by Microsoft.