Can Genshin Impact be run as non-administrator on Windows 10?

genshin-impact

The default installation of Genshin Impact 1.0.0 must be run as administrator on Windows 10. Is there a way to allow it to be run without administrator privileges?

Best Answer

Is there a way to allow it to be run without administrator privileges?

Without breaking any of miHoYo's ToS, and risking your account being permanently banned, the answer is no.

However, if you still want to know how to do it while breaking their ToS, read on.

There is a way of doing this, which involves modifying game files. It is assumed that you have decent knowledge of reverse engineering and are comfortable with Assembly instructions.

The goal is to disable the checks for whether mhyprot2.sys has started properly. This is the process for their kernel-level anti-cheat. It is automatically started with the game, after you click the "Launch" button on the Launcher.

If you open GenshinImpact.exe found in C:\Program Files\Genshin Impact\Genshin Impact Game in IDA Pro, you'll find that the import segment has been destroyed, and that the debug symbol list is missing. This is miHoYo's first barrier to reversing - destroying the list of imports so you will have to rebuild it from scratch. As for the debug symbols, you'll need Genshin's source code for that so don't bother.

The next thing you'll notice are the chunks of code that look like data instead of assembly. They look like this:

[Image: Anti-debug measures]

These are the anti-debugging defenses miHoYo has included in the binary, by protecting it against static analysis. By tracing the function call, we can find the chunk with the obfuscator. Since we have neither the debug symbols nor imports, we'll need to reconstruct the imports segment for a start.

For this, we need Scylla to dump the process while Genshin is running. I would suggest you do a fresh installation of Genshin on a new computer for this, as your login data is still saved on the login screen and hooking a process dumper to Genshin might constitute 'cheating' and get your account banned. Do a binary search for the registry strings in IDA, then put the hexadecimal address into Scylla, which should return a partial imports segment. Open this modified GenshinImpact.exe back in IDA Pro, and then turn on the debugger and hunt for the missing segments by taking a memory snapshot of the process.

Now you just have to find the start function at the subroutine where mhyprot2.sys is called, and set it to always True. If you don't know how to set it to always True, read the AMD64 Architecture Programmer’s Manual on Procedure Calls and Procedure Stacks.

Finally, we can disable the access privilege check which is usually found in the CS Register. Save the .exe and run it, and you should be able to run as any user without the anti-cheat now. Since there is no integrity requirement before you can log in to your account (there is a check, but it does not prevent you from logging in), you should have no problems playing the game.

Disclaimer: I take no responsibility if your account gets banned.

Also, miHoYo can patch this easily, so it might not work by the next patch.
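
The answer above says the shipped binary's import segment has been destroyed. As an added example (not part of the original answer or any miHoYo code), this Python sketch reads a PE file's optional header and reports whether the import data directory is empty, which is a common static-triage indicator of a packed or protected executable. The function names and the `sample_pe` helper, which builds constructed header-only input, are assumptions made for illustration.

```python
import struct

def import_directory(pe: bytes):
    """Return (rva, size) of the PE import data directory, or None if absent."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)     # offset of the PE header
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20            # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                 # PE32: data directories start at offset 96
        dirs = opt + 96
    elif magic == 0x20B:               # PE32+: data directories start at offset 112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    (count,) = struct.unpack_from("<I", pe, dirs - 4)    # NumberOfRvaAndSizes
    if count < 2:                      # directory index 1 (imports) not present
        return None
    return struct.unpack_from("<II", pe, dirs + 8)       # entry 1 = import table

def imports_stripped(pe: bytes) -> bool:
    """True when the header declares no usable import table."""
    entry = import_directory(pe)
    return entry is None or entry[0] == 0 or entry[1] == 0

def sample_pe(import_rva: int, import_size: int) -> bytes:
    """Constructed sample input: PE32+ headers only, no sections or code."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16)
    dirs = b"\0" * 8 + struct.pack("<II", import_rva, import_size) + b"\0" * (14 * 8)
    return dos + b"PE\0\0" + coff + opt + dirs

if __name__ == "__main__":
    for label, pe in (("normal", sample_pe(0x2000, 0x50)),
                      ("stripped", sample_pe(0, 0))):
        print(label, import_directory(pe), "stripped:", imports_stripped(pe))
```

An empty import directory only shows that imports are resolved some other way at run time; it does not by itself say what protection is in use.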