u/Double_Area6129

With the release of the Hypervisor (HV) cracking method for games with Denuvo, a controversy has developed regarding its risks. Allowing access to lower layers of Windows and the need for a system reboot to disable DSE in order to make the game run imply extra steps, which cause many people to stay away from its use.

Faced with these issues, I saw in another post a tool called HV-PlugNPlay, which allows you to start the game by applying a temporary DSE bypass. To run the game with this tool, you must download a .bat file provided at the following link https://codeberg.org/vrx/HV-PlugNPlay/ . This .bat file must be copied into the same folder where the game’s crack files are located, and instead of running the game, you must run the .bat file with VBS disabled and administrator privileges enabled.

From my own experience, the tool works without major problems; however, it does not completely resolve the risks involved in using HV. The only unusual behavior I was able to notice after the installation and execution of the game was the installation of the RTCore64.sys driver. After conducting a quick search on the internet, I found the following information about it: “RTCore64.sys is a kernel-mode driver essential for the functioning of MSI Afterburner, RivaTuner Statistics Server, and EVGA Precision X, used to monitor hardware and perform overclocking on graphics cards. It has critical vulnerabilities that allow attackers to escalate privileges or disable security software, which is why it is often blocked by Windows and anti-cheat systems.”

While this driver is not a direct indicator of a virus or malware, since you may have it on your device normally if you use MSI Afterburner or other tools, the fact that it is installed automatically when running the game leaves me with doubts about its reliability. The HV-PlugNPlay tool mentions MSI Afterburner, stating that you must close MSI Afterburner before running the .bat file and run MSI Afterburner again afterward if you want to monitor your system’s performance. Additionally, they also mention that it is necessary to restart the system before playing Valorant, Roblox, and other games with anti-cheat systems that depend on VBS or memory integrity.

Therefore, it is very likely that the installation of this driver is necessary for the tool to function; however, I lack the computing knowledge necessary for a more exhaustive analysis.

As a conclusion, HV-PlugNPlay allows you to run games with a hypervisor bypass without the need to reboot the system; however, the security of the tool is still questionable.

Edit: I ran an analysis with VirusTotal and got one detection: Kaspersky HEUR:Trojan.BAT.Agent.gen

Malwarebytes didn't find anything wrong.

u/Double_Area6129 — 1 month ago