Reflection is still in pre-alpha and still misses a lot of features, please keep this in mind before diving in! :3
Some features are still a big WIP but I'm posting this as a bit of a preview, or toy if you wish to play with it!
Reflection aims to replace the old and outdated ReClass and its variants.
Reflection leverages Wraith to hijack HANDLEs to target processes and uses undocumented routines through Aether
ReClass is ancient, back when most processes were 32-bit, and when UI and UX was... lackluster at best. ReClass also blindly opens processes, which could trigger anti-debugging on a target process, whereas Reflection hijacks handles!
Reflection also allows for the saving (and therefore sharing) of user-defined classes, an example is attached with the program:
Which, when accessed through the class viewer, results in this:
This enables users to work together on reverse engineering!
Just like ReClass, Reflection allows you to index an address in this fashion:
With those keywords:
| Keyword | Result |
|---|---|
| BaseAddress | Attached Process' Base Address |
| PEB | Attached Process' PEB Address |
| HeapBase | Attached Process' Heap Base Address |
| this | Container class |
| SymbolName.dll/.exe | Indexes to the DLL/EXE base address |
| [...] | Reads the result of the expression inside the brackets |
[PEB+0x10] resolves to the process base address, as said offset is defined as ImageBaseAddress
[[PEB+0x18]+0x10] resolves to _PEB->Ldr->InLoadOrderModuleList->Flink as shown below
| PEB Raw View | Formatted |
|---|---|
![]() |
![]() |
Of course, the parser supports both decimal and hexadecimal values. Hexadecimal values need to be prefixed by 0x to be valid though.
If possible, Virtual Addresses are indexed via their contained module, e.g.:
Pointers also check for validity, an invalid (or nullptr) pointer will render differently, e.g.:
Through Zydis, ASM bytecode is disassembled back into human readable instructions as such:
The original code being:
Reflection uses:
- Dear ImGui for rendering (DirectX 11), although most objects are non-native and custom made for our use!
- Both nlohmann's JSON library and TOML++, the former for saved classes, the latter for app settings
- xorstr in an effort to make fingerprinting Reflection harder, although this is a WIP
- Zydis for disassembling of bytecode
- My libraries Aether and Wraith for Windows related stuff








