RedButler is a windows kernel driver that lets you acquire the super powers of ring 0 just by loading it and using its CLI!

Report Bug · Request Feature

RedButler is a windows kernel driver that, by loading it, lets you acquire ring 0 superpowers! It offers various features among:

• Hiding / showing files and directories
• Protecting processes
• Excluding processes from protection
• Injecting DLL into processes (PPL ones excluded)

Just download the latest compiled release of the driver and install it using the RedButler.ini file.

If you prefer compiling it by yourself, feel free to do it. You'll just need the Windows Driver Kit (windows 10).

Process protection

RedCLI.exe process --protect <PID>
RedCLI.exe process --unprotect <PID>

Process exclusion

RedCLI.exe process --exclude <PID>
RedCLI.exe process --unexclude <PID>

Filesystem manipulation

RedCLI.exe filesystem --hide --file <path>
RedCLI.exe filesystem --hide --directory <path>

RedCLI.exe filesystem --unhide --file <rule id>
RedCLI.exe filesystem --unhide --directory <rule id>

Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.

1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
3. Commit your Changes (git commit -m 'Add some AmazingFeature')
4. Push to the Branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

Distributed under the MIT License. See LICENSE for more information.