add basic CLI for testing enumeration

.claude/settings.local.json

@@ -2,7 +2,8 @@
   "permissions": {
     "allow": [
       "Bash(git add:*)",
-      "Bash(git commit:*)"
+      "Bash(git commit:*)",
+      "Bash(cargo new:*)"
     ],
     "deny": [],
     "ask": []

Cargo.toml

@@ -1,5 +1,5 @@
 [workspace]
-members = [
+members = [ "ghost-cli",
     "ghost-core",
 ]
 resolver = "2"

ghost-cli/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "ghost-cli"
+version.workspace = true
+edition.workspace = true
+authors.workspace = true
+license.workspace = true
+
+[dependencies]
+ghost-core = { path = "../ghost-core" }
+anyhow.workspace = true
+env_logger.workspace = true
+log.workspace = true

ghost-cli/src/main.rs

@@ -0,0 +1,28 @@
+use anyhow::Result;
+use ghost_core::{memory, process};
+
+fn main() -> Result<()> {
+    env_logger::init();
+
+    println!("Ghost - Process Injection Detection\n");
+
+    let processes = process::enumerate_processes()?;
+    println!("Found {} processes\n", processes.len());
+
+    for proc in processes.iter().take(10) {
+        println!("{}", proc);
+
+        if let Ok(regions) = memory::enumerate_memory_regions(proc.pid) {
+            let rwx_regions: Vec<_> = regions
+                .iter()
+                .filter(|r| r.protection == ghost_core::MemoryProtection::ReadWriteExecute)
+                .collect();
+
+            if !rwx_regions.is_empty() {
+                println!("  RWX regions: {}", rwx_regions.len());
+            }
+        }
+    }
+
+    Ok(())
+}