Isolated, GPU-accelerated Windows VMs on Windows 11, including Home edition.
App Sandbox creates Windows virtual machines that share the host GPU through Windows GPU Paravirtualization (GPU-PV). VMs are created from a standard Windows ISO. The software handles disk creation, driver injection, unattended setup, networking, and display — the VM boots to a usable desktop without manual configuration.
The primary use case is running software that shouldn't have access to your real machine — AI agents, untrusted executables, anything you wouldn't want having access to your personal data. The VM is disposable. Snapshot it, let it run, roll back if needed.
The VM does not require an internet connection to function. Display, input, clipboard, and agent communication all use Hyper-V sockets, which are point-to-point between the host and VM and do not traverse your network. Network connectivity is optional and only needed if the software inside the VM requires internet access.
App Sandbox is the successor to Easy-GPU-PV. Easy-GPU-PV was a set of PowerShell scripts that relied on Hyper-V (Windows 11 Pro only) and required the user to connect via RDP or third-party remote desktop tools. App Sandbox replaces all of that with a native application that has built-in display and input over Hyper-V sockets and automated VM setup. It runs on the Host Compute System (HCS) — the same backend behind WSL2 and Docker containers. HCS only requires the Virtual Machine Platform optional Windows feature, which is available on all Windows 11 editions including Home.
- Windows 11 (any edition)
- Virtual Machine Platform enabled in Windows Features
- Administrator privileges
- A Windows 11 ISO
- Enable Virtual Machine Platform in Settings > System > Optional Features > More Windows Features. Reboot if prompted.
- Run `AppSandbox.exe` as Administrator.
- Create a VM — select your ISO, configure RAM, CPU, and GPU settings.
- The application builds a VHDX from the ISO, boots the VM, and runs Windows setup automatically.
- The display window opens when the guest agent comes online.
- GPU-PV — the host GPU is shared with the VM. DirectX and CUDA work inside the guest.
- Display — a custom Indirect Display Driver (IDD) in the guest streams the framebuffer to the host over Hyper-V sockets. Only dirty rectangles are transmitted. The host renders with D3D11.
- Clipboard — bidirectional clipboard sharing supporting text, files, images, and other formats.
- Audio — a virtual speaker device (AppSandboxVAD) inside the guest streams audio back to the host.
- Networking — none, NAT, external, or internal. NAT mode allocates static IPs and configures the guest automatically. External mode connects the VM to a physical adapter on the host — the VM gets a DHCP lease from your router and has access to your local network.
- SSH — optionally install OpenSSH Server in the guest. The host exposes it on a local TCP port via a Hyper-V socket proxy, so `ssh` works without networking configured.
- Snapshots — save VM state and create differencing disks. Snapshots support branching — multiple independent working copies from the same point.
- Templates — mark a VM as a template at creation time. Windows installs, syspreps, and shuts down automatically. New VMs created from that template skip the image extraction phase and start from OOBE, reducing setup time.
- Guest agent — runs inside the VM. Handles heartbeat, graceful shutdown, IP configuration, and GPU driver updates. Launches subprocesses for input injection and clipboard sync.
Written in C. Compiled with Visual Studio 2022. Uses only Windows APIs — no third-party dependencies.
```
AppSandbox.exe              UI (WebView2, display windows, tray)
  |
  +-- appsandbox_core.dll   Core library
        +-- HCS             VM lifecycle (computecore.dll)
        +-- HCN             Networking (computenetwork.dll)
        +-- VirtDisk        VHDX creation (virtdisk.dll)
        +-- SetupAPI        GPU enumeration
```
All system DLLs are loaded dynamically at runtime.
| File | Purpose |
|---|---|
| `asb_core.c` | VM lifecycle, config persistence, orchestration |
| `hcs_vm.c` | HCS API wrapper |
| `hcn_network.c` | HCN networking |
| `disk_util.c` | VHDX creation, unattend.xml generation |
| `snapshot.c` | Snapshot tree with branching |
| `gpu_enum.c` | GPU-PV device enumeration |
| `vm_display_idd.c` | Host-side IDD frame receiver and D3D11 renderer |
| `tools/vdd/` | Guest-side Indirect Display Driver (IddCx) |
| `tools/agent/` | Guest-side agent |
| `tools/iso-patch/` | ISO to VHDX converter with file injection |
- Visual Studio 2022 with the Desktop development with C++ workload
- Windows SDK (10.0 or later, included with the C++ workload)
- Windows Driver Kit (WDK) — required for building the IDD virtual display driver (`AppSandboxVDD`). Install the WDK matching your SDK version from Microsoft's WDK download page. Without the WDK, the driver projects will fail to build but everything else will compile.
- WebView2 headers and loader DLL are in `vendor/webview2/`.
- Clone the repo.
- Open `AppSandbox.sln` in Visual Studio 2022.
- Select configuration (Debug or Release) and platform (x64).
- Build the solution.
Output goes to bin\Debug\ or bin\Release\. The post-build step copies web/, release/resources/, and WebView2Loader.dll into the output directory.
| Project | Type | Description |
|---|---|---|
| AppSandbox | .exe | Main application — WebView2 UI, display windows, tray icon |
| AppSandboxCore | .dll | Core library — VM orchestration, HCS/HCN/VirtDisk, persistence |
| iso-patch | .exe | Converts a Windows ISO to a VHDX with file injection |
| agent | .exe | Guest-side agent — heartbeat, shutdown, IP config |
| appsandbox-input | .exe | Guest-side input receiver (keyboard/mouse over Hyper-V sockets) |
| appsandbox-displays | .exe | Guest-side IDD frame sender |
| appsandbox-clipboard | .exe | Guest-side clipboard writer (host to guest) |
| appsandbox-clipboard-reader | .exe | Guest-side clipboard reader (guest to host) |
| AppSandboxVDD | .sys | Indirect Display Driver (IddCx) — requires WDK. Builds with a self-signed certificate. |
| AppSandboxVDD.Package | — | Driver package for AppSandboxVDD |
| AppSandboxVAD | .sys | Virtual Audio Driver (WDM audio miniport) — speaker device in the guest. Requires WDK. |
| VADPackage | — | Driver package for AppSandboxVAD |
AppSandbox depends on AppSandboxCore and agent. The solution has build dependencies configured.
- `iso-patch.exe` converts a Windows ISO to a VHDX, injecting an unattend.xml, the guest agent, the VDD driver, and setup scripts. The VDD is self-signed, so the setup process installs the certificate into the VM's trusted store and enables test signing mode in the guest BCD.
- The core library constructs an HCS JSON document describing the VM (CPU, RAM, GPU-PV shares, network endpoint, UEFI firmware, virtual disks) and creates the compute system through HCS.
- GPU-PV assigns a partition of the host GPU to the VM. Specific GPU driver files are copied from the host into the VM at creation time. On every boot, App Sandbox checks whether the host GPU drivers have changed and, if so, instructs the guest agent to update them automatically via a Plan 9 file share.
- The IDD in the guest captures frames and sends dirty rectangles to the host over AF_HYPERV sockets. The host uploads the texture and renders through D3D11. Keyboard and mouse input is sent back to the guest over a separate Hyper-V socket. Clipboard data is synchronized bidirectionally over two additional sockets using a delayed-rendering protocol, supporting text, files, images, and other clipboard formats.
- HCN manages virtual networking. NAT mode allocates a static IP from a pool and the agent configures it inside the guest. External mode bridges to a physical adapter.
- Snapshots save VM memory state and create a differencing VHDX. Branches fork from any snapshot point.
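
The host-side frame receiver described above parses dirty rectangles sent by a guest that may be running untrusted code, so each rectangle should be bounds-checked before it is copied into host memory. The following is an added example, not App Sandbox's own code: the header layout, `rect_hdr`, `framebuffer`, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical wire header for one dirty rectangle (not the project's real format). */
typedef struct { uint32_t x, y, w, h, payload_len; } rect_hdr;
typedef struct { uint32_t width, height; uint8_t *pixels; } framebuffer; /* BGRA, host-owned */
enum { RECT_OK = 0, RECT_EMPTY, RECT_OUT_OF_BOUNDS, RECT_BAD_LENGTH };

/* Every header field comes from the VM, so none of it is trusted. */
int rect_validate(const framebuffer *fb, const rect_hdr *h, size_t bytes_received)
{
    if (h->w == 0 || h->h == 0)
        return RECT_EMPTY;
    /* Subtraction form: a naive x + w <= width check wraps in 32 bits and passes. */
    if (h->x >= fb->width || h->w > fb->width - h->x)
        return RECT_OUT_OF_BOUNDS;
    if (h->y >= fb->height || h->h > fb->height - h->y)
        return RECT_OUT_OF_BOUNDS;
    /* 64-bit product; the claimed length must match the geometry exactly. */
    uint64_t need = (uint64_t)h->w * h->h * 4u;
    if (h->payload_len != need || bytes_received < need)
        return RECT_BAD_LENGTH;
    return RECT_OK;
}

/* Copy a validated rectangle row by row into the host framebuffer. */
int rect_apply(framebuffer *fb, const rect_hdr *h, const uint8_t *payload, size_t bytes_received)
{
    int rc = rect_validate(fb, h, bytes_received);
    if (rc != RECT_OK)
        return rc;
    size_t row = (size_t)h->w * 4u;
    for (uint32_t r = 0; r < h->h; r++) {
        size_t dst = ((size_t)(h->y + r) * fb->width + h->x) * 4u;
        memcpy(fb->pixels + dst, payload + (size_t)r * row, row);
    }
    return RECT_OK;
}

/* Constructed sample: 8x8 framebuffer, 256 bytes of 0xFF received from the "guest". */
int demo_apply(uint32_t x, uint32_t y, uint32_t w, uint32_t h, uint32_t len)
{
    static uint8_t fbmem[8 * 8 * 4], payload[8 * 8 * 4];
    framebuffer fb = { 8, 8, fbmem };
    rect_hdr hdr = { x, y, w, h, len };
    memset(payload, 0xFF, sizeof payload);
    return rect_apply(&fb, &hdr, payload, sizeof payload);
}
```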
MIT
Beyond my own experience building Easy-GPU-PV, I found NanaBox to be a really helpful resource for understanding HCS.