MCP.so
Sign In
G

Ghostmcp

@mq1n

About Ghostmcp

Injectable MCP server for AI-driven reverse engineering inside processes

Basic information

Category

Other

Transports

stdio

Publisher

mq1n

Submitted by

Koray

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "ghost-core": {
      "command": "path/to/ghost-core-mcp.exe",
      "args": [
        "--transport",
        "stdio"
      ]
    },
    "ghost-analysis": {
      "command": "path/to/ghost-analysis-mcp.exe",
      "args": [
        "--port",
        "13341"
      ]
    },
    "ghost-static": {
      "command": "path/to/ghost-static-mcp.exe",
      "args": [
        "--port",
        "13342"
      ]
    },
    "ghost-extended": {
      "command": "path/to/ghost-extended-mcp.exe",
      "args": [
        "--port",
        "13343"
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Ghostmcp?

Ghostmcp is an injectable MCP (Model Context Protocol) server for reverse engineering on Windows. It combines memory inspection, disassembly, debugging, and code injection into a single tool that any MCP-compatible AI client can use. Users inject it into a target process and interact through natural conversation.

How to use Ghostmcp?

Inject Ghostmcp into the target process and use an MCP-compatible AI client to issue natural-language commands. Launch one or all servers via the scripts/launch-mcp.ps1 script (agent listens on port 13338, core uses stdio, analysis/static on TCP). Destructive operations require a safety token: call safety_request_token and include the returned token_id.

Key features of Ghostmcp

  • Memory read/write with automatic type conversion
  • AOB and YARA pattern scanning
  • Full memory dump with PE reconstruction
  • Cheat Engine-style value and pointer scanning
  • Disassembly (Capstone) and decompilation (Hex-Rays style)
  • Software and hardware breakpoints, single stepping
  • Code injection and shellcode execution
  • Win32 API call tracing with argument decoding
  • AI‑friendly summaries, debugging sessions, and vulnerability hints

Use cases of Ghostmcp

  • Find and freeze a game's health value at a constant number
  • Locate all functions referencing a specific string in memory
  • Set a breakpoint on system calls and trigger notifications when hit
  • Disassemble a function at a given address and explain its logic
  • Discover all pointer paths leading to a particular address

FAQ from Ghostmcp

What is Ghostmcp’s architecture?

Ghostmcp uses a modular multi‑server setup with four servers (ghost‑core‑mcp, ghost‑analysis‑mcp, ghost‑static‑mcp, ghost‑extended‑mcp) on ports 13340–13343, providing over 250 tools while staying under MCP client limits.

Is Ghostmcp stable for production use?

No – the project is labeled EXPERIMENTAL. APIs may change without notice, features may be incomplete or unstable, and documentation may not reflect the current state. Use at your own risk.

What runtime does Ghostmcp require?

It runs on Windows only. The README mentions scripts for PowerShell (scripts/launch-mcp.ps1) and requires an MCP‑compatible AI client to interact with the injected server.

How do I safely perform destructive operations?

Destructive commands require a safety token. Call safety_request_token first, then include the returned token_id in the destructive operation’s arguments.

What transports and authentication does Ghostmcp use?

The agent listens on TCP port 13338; the core server uses stdio, while analysis and static servers communicate over TCP. No authentication mechanism is described in the README.

Comments

More Other MCP servers