At its most basic level, I imagine it started with examining changes detected and cross-comparing them with what the user knows has changed in the game, and building up a set of reasonable assumptions that can then be tested directly by poking instead of peeking, etc.
But we're well beyond that, now. Whole 'architectural features' have been mapped (and, where necessary, depacked from their non-trivial method of memorised storage), so that even when gross changes to the underlying layout occur upon a new version's release, the fingerprints of known 'magic numbers' in the data layout can be quickly narrowed down in its reshuffled/enhanced new appearance and a head-start is already gained upon demystifying the new bits and bobs.
It'd be a big task to start again from scratch, but countless person-hours (and machine-hours!) of work have gone into this.
None of them mine, sad to say, so I'm just wildly speculating. But I've previously done things like work with a debugger to extract the secrets of the original XCOM (UFO:EU) save-files, in my day (easy! No obfuscation at all, IIRC!) and also spent time trying to reverse-engineer particular implementations of variable-width encoding of values in obscure data files (intended to save file-space) and get past the likes of self-XORing-stream-encryptions (because someone thought they'd reinvent Enigma).
Or decompile (or actually run and step through, watching carefully) the .exe and observe what it does, if you really need to. Never underestimate the tenacity of an individual (or a group) with a purpose in mind..!