10cks/Ghost — reverse-engineered prompt
Reverse-engineered prompt
Build me a small Windows security research demo based on this project that shows, in a safe lab way, how endpoint tools can miss suspicious activity.
I want it to load only a harmless test payload, like opening Calculator or printing a message, and include a simple build script so I can compile it from Linux with MinGW. Keep the code organized and add comments that explain the high-level ideas, like fibers, call stack hiding, noisy memory allocation, and ETW patching as concepts.
Please don’t make it a real stealth loader or include anything meant to bypass real EDR in the wild. If something in the repo is risky, stub it out or turn it into a mock demonstration.
Add a clear README that explains how to run it in an isolated VM, what the demo shows, and what is intentionally disabled for safety.