You are hereProducts / Chroot for Windows

Chroot for Windows

Chroot on XP

Download Now


Chroot is a popular Linux tool that allows you to run a program that cannot access files outside of a specific file system folder tree. Now, using undocumented features, a native Windows version is available that doesn't require the usage of Cygwin or any additional software.

Due to the differences in operating system between Windows and Linux, this version provides a bit more flexibility that that provided and indeed required by the original. For one, you can choose to how severely to chroot a program, preferring to blocking off access to one, a few or all of the available drives present in your computer configuration.

Version 2.0 also allows redirection of registry accesses, to further jail and isolate the process.


Usage: chroot rootDir [options] program args
Where [options] can be none, one, or more of these:
-h Shows this help
-v Shows the version banner
-a Run 'program' as an anonymous user
-u Run 'program' as existing user
-f Allow 'program' to access the drives identified in
Redirect all registry accesses of 'program' to
Redirect all registry accesses of 'program' to
Redirect only HKEY_LOCAL_MACHINE of 'program' to
Redirect only HKEY_CURRENT_USER of 'program' to
Redirect only HKEY_CLASSES_ROOT of 'program' to
Redirect only HKEY_USERS of 'program' to
-rn Stops registry redirection from being inherited by 'program's
-rp Persist created registry keys across reboots

Note -a and -u cannot both be defined. If neither is defined
'program' will be run as the user running chroot

should be a collection of drive letters
e.g. to allow 'program' to access drives C: and D: as normal
the format of the option would be -f cd

In registry redirection:
makes all registry accesses go to
. -rf on the other hand is
equivalent to -rlm
\\Machine, -rcu
\\Root and -ru
When the -rf option is specified, keys for the 4 branches (Machine, Users,
ClassesRoot and CurrentUser) are created automatically under the specified
path. By default these keys exist only until you reboot the computer.
To make them persistent across reboots, use the -rp flag
Valid registry path prefixes are HKLM for Local Machine, HKU for Users
HKCU for Current_User and HKCR for Classes_Root. Example registry options:
-r HKLM\\Software\\Jail
-rcu HKCU\CurrentUserRoot
-rcr HKCR\\SecondaryRoot

'rootDir' and 'program' can contain environment variables.


Since any process can chroot any other it has access to without any special privileges, there's no ultimate guarantee that a rooted process will stay rooted. While that is true, it is by no means a common occurance.

Unlike the Windows default of un-chrooting children of rooted processes, Chroot 2.0 now ensures that children don't break free. This is a change from version 1 which left children to their own devices.

A third limitation is that, unlike Linux, you can't use this tool to create a second 'version' of Windows in the new root directory. This is due the effects of both a) KnownDLL loading, which overrides the jail b) the volatile, numbered nature by which system calls are made.

Because of the way processes start under Windows, it is impossible to redirect all registry accesses until after a certain point. This applies mainly to OS components such as ntdll and kernel32 but extends to the DllMain's (startup code) of all statically linked dlls. Any accesses made after this (including usage of keys opened before) are trapped.

Without the correct entries in the new location, redirecting HKEY_LOCAL_MACHINE will lead to failures in some API's which use the registry to find dll paths, this is mainly a problem for tools that work with DACL's using the advapi32 security API.

How it Works

The tool works by running and pausing the requested program, changing what it sees as the location of the file system drives, and then letting it go on its way. This is achieved via the use of device maps, there is a more in-depth technical blog posting on the process and how it works here. Registry redirection is achieved by hooking and providing modified versions of the system registry functions.


The download includes both x86 and x64 binaries. On 32-bit Windows, only the 32-bit versions are required. On 64-bit Windows, both sets of binaries are required.

Download Now
Size: 357 KB
MD5: f8899e08c96fad42ed5acda6c7471d5a
SHA1: 4f665611d6262f141f74e74faf621cdf973fd250
CRC32: 77ee9afa

Recent News