WinPathShim allows you to run Windows applications while simulating alternative paths for common user folders, such as Documents and AppData
The launched application is transparently tricked into saving its configuration files and data into a custom location you control, instead of the real user profile folders
PS > .\WinPathShim64.exe -h
Usage: WinPathShim.exe FakeRoot ExePath [args...]You need to know whether the target application is 32-bit or 64-bit to use the matching WinPathShim version
WinPathShim32.exe D:\FakeAppRoots\32BitApp "C:\Program Files (x86)\32BitApp\32BitApp.exe"WinPathShim64.exe D:\FakeAppRoots\64BitApp "C:\Program Files\64BitApp\64BitApp.exe"Windows applications and games store configuration files, caches and save data in many different places, most commonly:
- AppData\Roaming
- AppData\Local
- AppData\LocalLow
- Documents
When dealing with an unfamiliar application, it is often unclear where it writes files, making cleanup, backup or uninstallation difficult
The situation is even worse for the Documents folder, which is often treated by applications as a configuration directory rather than a user-owned space
Despite its name, which implies user-created documents, many applications and games misuse the Documents folder to store configuration files and saves instead of using AppData
In my opinion, applications should not pollute the Documents folder with internal data
If you use Windows Defender Controlled Folder Access for ransomware protection:
- User folders such as Documents, Pictures, Desktop are always protected
- Defender does not allow granular per-folder permissions
- Granting access to one protected folder automatically grants access to all protected folders
As a result, any application that needs to write to Documents must be globally whitelisted, effectively weakening the security feature
WinPathShim lets you assign a fake root directory to an application
Inside that directory, WinPathShim automatically creates fake versions of:
- AppData\Roaming
- AppData\Local
- AppData\LocalLow
- Documents
The application is then launched in a way that makes it believe these fake folders are the real ones
- No need to relax Windows Defender Controlled Folder Access rules
- Full visibility of all files generated by an application
- Easy cleanup after uninstalling an app or game
- Simple per-application backups by zipping the corresponding fake path directory
- Files are kept isolated and are not mixed with those of other applications
A full sandbox solution such as Sandboxie could theoretically solve the same problem by virtualizing file system access
However, sandboxes come with significant drawbacks:
- Noticeable performance overhead, especially for games
- Increased I/O latency
- Compatibility issues with some applications
- Additional complexity and setup
WinPathShim takes a much lighter approach
Instead of virtualizing the entire environment, it selectively redirects only the paths that matter (Documents and AppData), keeping performance virtually identical to running the application normally
This makes WinPathShim particularly suitable for games and performance-sensitive applications, where traditional sandboxing would be impractical
WinPathShim uses a combination of:
- Environment variable overrides
- Runtime API hooking of Windows known-folder APIs
to intercept folder resolution calls such as:
- SHGetKnownFolderPath
- SHGetFolderPathW
and redirect them to user-defined paths, no virtual machines or full sandbox environments are involved
For this purpose, it uses the MinHook library
MinHook provides a lightweight and reliable x86/x64 API hooking mechanism and is widely used in Windows low-level tooling
WinPathShim has been tested with a limited set of applications and games and works reliably in those cases
However, it is not guaranteed to work with every application
Some software may:
- bypass standard Windows folder APIs
- use hardcoded paths
- rely on custom filesystem logic
Additionally, WinPathShim is strongly discouraged for use with applications or games that include anti-cheat or anti-tamper systems
API hooking and runtime path redirection techniques may be interpreted as suspicious behavior by such systems and could result in crashes, undefined behavior, or account bans