GhostMCP

Tools · 53

• read_memory Read memory from a target process with automatic type conversion
• write_memory Write memory to a target process with automatic type conversion
• enumerate_regions Enumerate memory regions with protection flags
• pattern_scan Scan memory for AOB patterns with wildcard support
• resolve_pointer_chain Resolve pointer chains for complex data structures
• aob_scan Array of Bytes scanning with wildcard support
• string_scan Scan memory for ASCII, Unicode, and UTF-8 strings
• regex_scan Byte-level regex pattern matching
• yara_scan Load and run YARA rules against memory
• manage_signatures Store, import, and export named patterns in signature databases
• dump_full_process Capture all committed memory regions of a process
• dump_region Dump a specific address range from memory
• dump_module Extract DLLs/EXEs with PE reconstruction
• create_minidump Create a minidump in WinDbg-compatible format
• incremental_dump Track changes between memory snapshots
• binary_diff Compare dumps to find modifications
• search_dump Search within dumps using AOB patterns
• annotate_dump Bookmark and label interesting locations in dumps
• reconstruct_pe Rebuild import tables with Scylla-style reconstruction
• catalog_dumps Organize and manage multiple dumps
• scan_value Perform Cheat Engine-style value scanning with 12 scan modes
• iterative_scan Refine scan results across multiple scans
• filter_scan Smart filtering for writable, executable, module-only, or custom ranges
• fast_scan Alignment-based skipping for 4x+ speedup
• track_scan_progress Real-time progress tracking with cancellation
• export_scan_results Export scan results as JSON, CSV, or Cheat Engine XML
• scan_pointers Multi-level pointer scanning with configurable depth
• filter_static_pointers Filter to module-relative pointers that survive restarts
• constrain_offsets Set max offset and alignment constraints for pointer scans
• rescan_pointers Validate pointer paths after process restart with stability scoring
• score_stability Track pointer validity across rescans (0.0-1.0 score)
• compare_pointer_sessions Find common valid pointers between scan sets
• resolve_pointer Follow pointer chains and read values at resolved addresses
• export_pointers Export pointer results as JSON, CSV, or Cheat Engine .ptr format
• paginate_pointers Paginate large pointer result sets with configurable limits
• track_pointer_progress Real-time progress tracking with cancellation for pointer scans
• disasm_at Disassemble code at a specific address using Capstone engine
• disasm_function Disassemble an entire function
• decompile Generate Hex-Rays style pseudo-C decompilation
• list_modules List all DLLs with their exports and imports
• resolve_symbols Load PDB symbols with DbgHelp and full stack walking
• find_cross_references Find all CALL/JMP/LEA references to an address
• extract_strings Pull ASCII/Unicode strings from any module
• set_software_breakpoint Set INT3 breakpoint with automatic byte restoration
• set_hardware_breakpoint Set hardware breakpoint via DR0-DR3 debug registers
• single_step Execute instruction-by-instruction using trap flag
• list_threads List all threads in the target process
• suspend_thread Suspend a specific thread
• resume_thread Resume a specific thread
• read_registers Read all x64 registers (RAX-R15, RIP, RFLAGS)
• write_registers Write to x64 registers
• walk_stack Walk the call stack with symbol resolution
• assemble_code Assemble and execute arbitrary code inside the target process