List of detections marked as important using Ocean Screenshare Tool on Minecraft
Ocean has several detection capabilities, including direct, generic, and specific detections. In this section, we will go step by step through the generic and specific detections, as it is practically impossible to describe all our direct detections.
Direct cheat detections using residues or other detection methods (e.g., Skript Loader).
Detections of highly suspicious executables; while they are not 100% certain detections (unless otherwise specified by this documentation), they indicate a strong likelihood of cheating.
Detections of tampering or modification methods used to gain illegal advantages, cheat dependencies, etc.
Indicates that the user used a generic autoclicker that uses JNativeHook imports (usually seen in autoclickers made with Java).

Indicates that a DLL was unloaded from the game process.

Indicates that a GUI/Render module external to the game was injected.

Examine critical operating system functions to detect modifications to their original behavior, Looking for patterns that indicate execution redirection.

Indicates a dll injection using the Manual Map technique

Indicates that an illegal external injection to the game was found.

A GUI rendering external to the game process was detected, which was practically impossible and very rare to false-flag.

Secure cheat injection

Ocean can detect changes to game-loaded files, reducing to 0% the possibility of modifying a file within the game instance without being detected.

Generic detections for cheats that execute instructions using JVM and JVMTI.

Indicates that there was a selfdestruct of an internal cheat.

Indicates that a mod loaded in the game is obfuscated using JNIC; this does not allow us to read the mod code, which makes it highly suspicious, and a manual check is required.

Indicates that the suspect hooked a game process import, clearly indicating an injection

Examines network communication functions to detect interception or modification of network traffic An example is detailed here

Examines system input functions to detect interception of keyboard or mouse events. An example is detailed here

Analyzes memory management functions to identify modifications that allow unauthorized memory manipulation. An example is detailed here

Examines functions related to thread creation and management to detect manipulation of the threading system. An example is detailed here

Identifies small regions of executable memory containing multiple execution redirection patterns, which is characteristic of certain techniques An example is detailed here

Verifies the integrity of functions related to graphics rendering. Analyzes whether the original functions have been modified or redirected to unauthorized locations. An example is detailed here

Searches for patterns of executable code in memory that do not belong to known modules. Identifies common code injection techniques. An example is detailed here

Detects executable memory allocations that are unusually close to loaded modules, which may indicate specific injection techniques. An example is detailed here

Indicates a clear cheat injection to the game process

Indicates a clear cheat injection to the game process

Indicates a clear cheat injection to the game process

Detects suspicious changes in memory permissions, specifically when memory regions change from non-executable to executable without being associated with legitimate modules. Can false in mod loaders or custom clients

Detects classes that are obfuscated, packaged, or simply do not belong to the inheritance tree of a normal Java application. It may false in modloaders such as Lunar Client or Badlion Client (But its rare), since they are closed source and their code is likely to be obfuscated.
