Windows 7

This section will cover downloading an existing, freely available Windows 7 Virtual Machine, uploading it to REVEN and configuring it to make it a good recording environment.

• Downloading the VM
• Provisioning the VM disk
• Registering the VM
  • Starting the registration
  • Booting the VM for the first time
  • Configuring the guest
  • Installing tools
  • Finishing configuration
  • Taking the first Live Snapshot
  • Preparing the snapshot

Downloading the VM

Microsoft provides Windows 7 Virtual Machines that can be downloaded from the Internet. For this guide, we will use the IE11 VM from the Tool VMs page.

1. Navigate to the Tool VMs page VM page
2. Please review the license terms.
3. Select the IE11 on Win7 (x86) VM, then the HyperV platform.
4. Click on Download.
5. Unzip the IE11.Win7.HyperV.zip file you just downloaded on your machine.

Note that the Windows 7 VMs provided by Microsoft are 32-bit machines. You can use your own 64-bit VM with REVEN, but this guide assumes you are using the IE11 32-bit VM.

Provisioning the VM disk

We will now upload the IE11's disk to the REVEN server, a step known as provisioning:

1. Open up your REVEN installation's Project Manager (by default, point a web browser to http://<your_reven_host>:8880)

2. Select the VM Manager tab.

3. Click on Register QEMU VM

   

4. The VM Import Wizard welcome screen shows up - click on Start.

5. In the Select VM screen, locate the Provision a new VM section and click on Upload a new VM file from disk

   

6. Click on Browse.

7. On your disk, select the Virtual Hard Disks/IE11 - Win7.vhdx extracted from the archive earlier.

8. Click on Upload.

   

9. When the upload is over, click on Next. You are back at the Select VM screen.

Registering the VM

Now that the VM disk is available to the REVEN server, it is time to register it as a new VM.

Starting the registration

1. After the end of the provisioning step, you were taken back to the Select VM screen.

2. Locate the Register a new VM section.

3. Ensure the disk file we uploaded is selected in the combo box. If not, select it.

4. Click on Register.

   

5. This disk requires conversion to the qcow2 format used by REVEN:

   1. Check Remove original file.
   2. Click on Convert.
   3. When the operation is over, click on Next.

6. In the Specify guest page, select the following options for this VM:

   1. OS: Windows.

   2. Architecture: x86.

   3. Leave the other options unchanged.

   4. Click on Next.

      

7. On the Create disk snapshot screen, click Next.

Booting the VM for the first time

We are now ready to boot this disk for the first time.

1. Boot the VM:
   1. Check Enable network.
   2. Click on Start.
   3. Click on Show in browser: the VM screen appears in a new tab or window.
   4. Wait for the desktop to appear. No login is necessary. If needed, the password is Passw0rd! (as specified on the Microsoft VM page).
   5. The VM might request a restart on the first boot. Kindly oblige.

Configuring the guest

Now that the VM is booted, it is time to configure the guest environment:

1. In the Project Manager, click on Insert Windows 10 lightener CDROM.

   NOTE: Despite the name, this CDROM contains utilities that are useful for Windows 7 too.

2. Go back to the VM screen.

3. Disable the KPTI protections:

   1. Point a file explorer to the CD-ROM drive.
   2. Right-click on the file disable-kpti.bat and select Run as administrator.
   3. Wait for the VM to reboot.

4. Finally, make the VM lighter:

   1. Disable Windows Defender:
      1. Press Windows+R to make the "Run" window appear.
      2. Type in gpedit.msc and press Enter.
      3. Navigate to Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Defender\.
      4. Double-click on Turn off Windows Defender Antivirus and set the Enabled radio button.
      5. Click OK or Apply to close the Group Policy editor window.
   2. Force .NET 4 precompilation step:
      1. In an admin shell, type in: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /force.

Installing tools

At this point, we have done everything that is strictly necessary for REVEN. However, it is a good idea to install Visual Studio's runtimes and other tools to make using this VM easier.

1. From your VM, open up the Internet Explorer browser.
2. If the network does not work:
   1. Go back to the Project Manager
   2. Click on ACPI shutdown.
   3. Check Enable network.
   4. Click on Start.
   5. Wait for the VM to boot: the network should now work.
3. Install the following tools - you can type the page's URLs or search for their title in your favorite search engine:
   1. vc_redist.x86.exe files from The latest supported Visual C++ downloads - at least the 2019 and 2013 versions.

At this point, optionally you can also install any software you might want: a web browser, etc.

Finishing configuration

Now that your VM is configured, turn it off:

1. Go back to the Project Manager.
2. Click on ACPI shutdown.
3. Click on Next.
4. You can skip Finalize VM preparation so Click on Next again.

Taking the first Live Snapshot

Now that the VM is off, it is time to boot it into Emulation mode (which is the mode we can record in) and take a handy live snapshot for future recording sessions:

1. Click on Start.

2. Click on Show in browser.

3. The VM will now automatically boot and log in. Wait a few minutes for the desktop to appear - this is slower than earlier, because of the emulation mode.

4. The VM will prompt you for a reboot due to the change in device drivers that accompany switching to Emulation Mode. Let it reboot.

5. We know Windows shows the desktop as soon as possible but keeps starting processes in the background. At this point, we want to wait until the boot process is effectively finished:

   1. Right-click on the Start menu and click on Start Task Manager.
   2. Wait for the System Idle Process CPU value in the "Processes" tab to be around 80-90% for a while- usually the Task Manager itself will consume about 10-15%.
   3. Close the task manager.

6. We will often use a command-line during recording sessions, so we might as well start one now:

   1. Press Windows+R Run.
   2. Type in cmd and press Enter.
   3. Wait for the shell to appear.

7. The VM is ready, it is time to take our live snapshot:

   1. Go back to the Project Manager.
   2. Locate the Take a live snapshot field.
   3. Type in a name, booted-cmd for instance.
   4. Click on Save.

8. Now that a live snapshot exists, we can safely force shutdown the VM because we will always be restoring a known good state: click on Force shutdown.

9. Click on Next.

Preparing the snapshot

1. On the Prepare the snapshot screen, click on Prepare.
2. Wait for the task to finish. This will take several minutes.
3. Click on Finish.

And that is it! We now have a VM with a guest environment tuned for a good recording experience. It is time to Record our first scenario.