Why does my game crash on the Microsoft Store build but run fine when I launch the executable directly?

The Store build is an MSIX package running in an app container with a virtualized, partly read-only filesystem. Writes next to the executable that succeed in your direct run get denied inside the sandbox and crash if unhandled. Record a packaged flag and the failed path on each crash so a sandbox write denial is obvious, then redirect that write to the per-user app data location the container allows.

How do I know which version of my game a Microsoft Store player is running?

Read the version from the MSIX package manifest at runtime, since on the Store that is the canonical version, not any string you hardcoded elsewhere. Attach it to every crash report. The package family name plus that version uniquely identifies the build, which lets you confirm whether a fix has reached players and whether a crash spike followed a particular package update.

Can I test MSIX sandbox behavior without submitting to the Store?

Yes, and you should. Build the MSIX package, install it locally, and launch from the Start menu so the app container is active. This reproduces the same virtualized filesystem and package identity the Store uses, surfacing write-permission and identity crashes before submission. Running only your unpackaged build output is exactly why sandbox bugs slip through to live Store reviews.

Crash Reporting for Games on the Microsoft Store

Quick answer: The Microsoft Store ships your Windows game as an MSIX package that runs in a restricted app container with virtualized file paths and a fixed package identity. File writes that work in your direct build can fail under the sandbox, and the package version is the source of truth. Capture the package identity, version, and whether you are running packaged on every crash, and the Store build stops surprising you.

Your game runs fine when you double-click the executable, then crashes for everyone who installs it from the Microsoft Store. The difference is packaging: the Store distributes Windows games as MSIX packages that execute inside an app container with a virtualized filesystem and a strict package identity. Paths you expected to write, registry keys you expected to touch, and assumptions about your install location all change under the sandbox. The same code can behave completely differently depending on whether it runs packaged or unpackaged. This post covers what MSIX packaging changes, what context to capture to tell the two apart, and how to keep the Store build stable.

How MSIX packaging changes runtime behavior

An MSIX package runs in an app container that virtualizes parts of the filesystem and registry. Your install directory is read-only, and writes to certain locations are silently redirected or denied. Code that drops a save file or a config next to the executable, which works perfectly in your direct build, hits an access-denied error under the package and crashes if you do not handle it. This is the most common Microsoft Store crash: a write to a path that is fine unpackaged and forbidden once the same binary runs inside the container.

Package identity is the other big shift. Inside the container your app has a stable package family name and a single authoritative version from the package manifest, and some Windows APIs only work, or only work correctly, when called from a process with package identity. A library that queries the environment can behave differently packaged versus unpackaged. The practical consequence is that you cannot fully trust your own non-packaged test runs, because the sandbox is precisely the thing your desktop development never exercises.

Capturing packaging context on crashes

The first flag you need is simply: are we running packaged. At startup detect whether the process has package identity and record it on every crash. That single bit splits your Store crashes from any side-loaded or direct runs and tells you whether the sandbox is even in play. Add the package version from the manifest, since on the Store that is the canonical version, not whatever string you hardcoded elsewhere. With those two facts, a write-permission crash immediately reads as a sandbox issue rather than a generic IO error.

Capture the specific path that failed when an IO operation throws, plus the Windows build number and the usual device context of GPU, driver, and memory. The failed path is gold under MSIX, because it tells you exactly which write the container refused, and the fix is almost always to redirect that write to the proper per-user app data location the sandbox permits. Recording these details means you diagnose packaging crashes from the report alone, instead of trying to reproduce a sandbox condition that does not exist on your own unpackaged build.

Reproducing under the real package

The only reliable way to catch MSIX issues is to run your game from an actual installed package, not your build output. Create the MSIX, install it locally, and play from the Start menu so the app container is active. Many teams skip this and ship straight from their unpackaged tests, which is exactly why the Store build breaks. Once you run packaged locally, write-permission and identity bugs surface immediately, and you can fix them before submission rather than reading about them in Store reviews after the fact.

Pay attention to first-launch and update scenarios under the package. The first run after install creates your per-user data folders, and an update can change the package version while old data persists, so your migration code runs inside the sandbox where paths differ. Test installing a fresh package, then installing an update over it, and confirm saves migrate without an access error. These transitions are where packaged builds crash in ways that a steady-state direct run will never show, and they are entirely reproducible once you commit to testing the packaged artifact.

Triaging the Store build

Tag the store source and the packaged flag so Microsoft Store crashes form their own group, separate from any direct or other-store distribution of the same game. Group duplicates by signature and the typical Store crash list is short, often dominated by one or two write-permission failures concentrated on first launch. Occurrence counts tell you how many players a sandbox bug is blocking, and a launch-time write failure usually means a large fraction of new installs, so it deserves the top spot even if your direct build never sees it.

Filter by packaging context and Windows build to read issues quickly. A crash present only when packaged, with a denied path in its details, is unambiguously a sandbox problem. A crash that appears on both packaged and unpackaged runs is shared logic you can debug on your desk. A signature tied to a specific Windows build points at an OS-level change. This separation keeps you from misattributing a sandbox-only IO crash to your game logic and sending yourself down the wrong investigation, which is easy to do when the same binary behaves two different ways.

Setting it up with Bugnet

Bugnet's SDK captures crashes and provides an in-game report button inside the MSIX-packaged build without any special permissions, since reporting goes out over the network the container allows. On a crash it records the stack trace and attaches the packaging context: a packaged flag, the package version from the manifest, the failed path when an IO error is involved, the Windows build, GPU, driver, and current scene. You set the packaged flag and store source as custom fields, so every Microsoft Store report arrives already labeled as packaged and already pointing at the sandbox if a permission denial is the cause.

On the dashboard, occurrence grouping folds the sandbox crashes into ranked issues and the captured context becomes your lens. Filtering on the packaged flag isolates Store-only failures from shared logic, and reading the denied path on a grouped write-permission issue tells you exactly which location to redirect. Player and version attributes show whether a crash spiked after a package update or concentrates on first launch. For a build whose defining trait is a sandbox your desktop never runs, having that container context captured and grouped in one place is what makes the Store variant debuggable.

Shipping a sandbox-safe Store build

Make running from a real installed package a required step before every Microsoft Store submission. Build the MSIX, install it, play from the Start menu, and exercise first launch, save, and an update-over-install. Route every write through the per-user app data locations the container permits rather than next to the executable, and handle denied paths gracefully instead of crashing. This discipline removes the entire category of sandbox write failures, which is the bulk of what goes wrong on the Store, before a single player ever sees it.

After release, watch the packaged crash population, especially right after you push a new package version, since migration code runs in the sandbox and is a common regression point. Over time you accumulate a clear picture of which writes the container cares about and how your data migration behaves under MSIX. The Microsoft Store build then stops being the mysterious one that works on your machine and breaks for users, and becomes a predictable target where the packaging context on each report tells you what the sandbox refused and where to send the write instead.

The Store build is your binary inside a sandbox your desktop never sees. Capture the packaged flag and the denied path and MSIX crashes become obvious redirects, not mysteries.