Retail Client Auto Shutdown when IDA PRO/x64dbg/overdumpfix is in the hdd

[SailorMars]

Wonder if anyone experienced this. I don't have any cheat yet. Didn't inject anything to the retail client, didn't run any program remotely related to automation (autohotkey,etc). But prior to running the retail client, i just copied to my hdd the IDA Pro (installer only), a full copy of X64dbg and the zip file Overwatch-dump-fix -master.zip. Then i ran the retail client and login to my characters. The game ran fine for a while. Then I opened the pdf of ScyllaHida's documentation. I've never run the IDA/x64dbg. But the retail client suddenly shutdown automatically indicating it detected something.

Does that mean the retail client is scanning my hdd for any of the above programs? Or is it simply opening a pdf file related to ScyllaHide causes a detection? I DON'T HAVE ANY CHEATS in my hdd, so it is impossible for it to be related to real cheat being detected.

Anyone have similar experience?

[krustx]

Sounds like they are scanning window titles in a primitive way? Rename the PDF file so it doesn't show Scylla substrings in it's title and give it a try.

[CodeBytes]

They definitely scan window titles (and run other checks too). Open CE/ReClass/whatever in a hex editor like HxD and rename all strings that match the window title of your program to something else. Of course, back up your exes first in case you mess something up. You will still periodically crash with a renamed program as well, but the crashes are much less frequent. I have not yet had to rename the strings in IDA. There are a ton of legit reasons to have IDA open, and Blizzard can't penalize you for that (unless, of course, you try to attach the debugger. Then you can most certainly expect a crash).

If you don't feel like renaming your pdf file, you can just open it in a sandbox. You could also browse websites in a sandbox so the tab title doesn't trigger a crash. If not for the crash, then for good measure. Using a sandbox to browse the web can be safer than not.

[SailorMars]

its seems that even having Chrome opening the Scyllahide Github page could cause a shutdown (it shutdown when i clicked the github page's release tab). My previous case could be caused by viewing a youtube video related to Scyllahide. The Chrome's window title is set to the title of the active tab/youtube video title. That's sad.

Running x64dbg, even for debugging something else not related to wow also causes a shutdown.

[Seifer]

Does that mean the retail client is scanning my hdd for any of the above programs? Or is it simply opening a pdf file related to ScyllaHide causes a detection? I DON'T HAVE ANY CHEATS in my hdd, so it is impossible for it to be related to real cheat being detected.

Anyone have similar experience?

It's not scanning your filesystem; it's only scanning your memory. And IIRC they only crash the process when they found something fishy running.

[SailorMars]

today, i just carelessly opened the ScyllaHide-master.zip by winrar and it crashed my wow client. I'm quite sure that they're doing a primitive window title scan for the keyword "ScyllaHide".

[aeo]

As stated above just having the scyllahide github page open will crash you. Its windows titles.