I think that you already hit on a decent way to go about it. Something like VMware or Xen sounds like the way to go. Xen is even open source, so you can potentially modify it to dump the info you are looking for.
So here's my question: When Windows XP, Win Server 2003, etc. boot up, they start at 0000:7c00. Does the boot sequence wipe the memory at the lower address spaces, thus stopping my alterations?
I'm a little outta my element here, but I would theorize the way to go about it would be to write a "bootloader" or simple OS that sits there, and then runs Windows on top of itself in higher memory addresses... I have no idea if this is even possible.