Here's a glimpse of it:
First think of a simple idea you would like to implement. For example, let's make all explosions 10 times more powerful.
Ok, let's use the WormKit API to make explosions 10 times bigger. Haha, there is no WormKit API. All WormKit does is load your DLL into the game, that's all. Everything else needs to be done by you, starting from DllMain, and I really mean it. You need to carefully patch the game's code in memory in order to change its behavior in the desired way.
Try to guess how explosions are created in the game. You can see that the game is able to create both small and big explosions, so they probably have some "power" parameter. An explosion can be placed anywhere on the map, usually where a weapon, mine or worm explodes, so there must be a way to specify the XY coordinates of the explosion. This tells us that there is some hypothetical function "create explosion" that accepts at least "x, y, power" parameters.
With this in mind, can you think of the simplest way to make the explosions 10 times more powerful? How about modifying the "create explosion" function in a way that will multiply the "power" parameter by 10 whenever it's called? Sounds easy.
Now, we need to find this "create explosion" function. For this to work, we need to analyze WA's code. You need a disassembler (and, to make things easier, a decompiler) - your two main options are Ghidra and IDA Free/Pro. I roll with IDA Pro, but Ghidra is fine too.
Once you load WA in your disassembler, you will see thousands of functions, most of them named something like sub_401530, sub_401550, sub_401560, sub_4015A0, sub_4015F0... Where is our "create explosion"? You need to find it (given it exists and our assumption was correct).
Think of an explosion in WA. What exactly happens when stuff explodes? You see a flash, hear a bang, a hole is created in the land, worms lose hp if hit, worms are pushed away from the explosion, worms change their animation from standing to flying/hurt, worms emit blood (if set in scheme), oil barrels explode and create fire, debris in the background is pushed away from the explosion... you get the idea.
If we don't know where the "create explosion" function is, maybe we can find a function that is somewhat related to creating explosion? After all, there should be some connection between creating an explosion and making a hole in the land, right?
Now, do we know any functions that implement those side effects? No, we don't know any function names and there are thousands of functions in the game. This seems impossible.
Let's analyze the side effects - some of them seem more complex than others. For example, making a hole in the ground seems more difficult than playing an explosion sound. What's seemingly the easiest side effect? I think it's damaging the worm - specifically, reducing its hp. Let's find a function that reduces the worm's HP.
Start the game in single player mode and make a playground scheme - place only one worm on the map, give yourself all ammo and infinite turn time. Launch Cheat Engine and scan for a dword "100", as your worm currently has 100 hp. You should have thousands of matches. Damage your worm a little, then do a further scan for your worm's current hp. Repeat this until you have only one or very few matches. Add the address to the list, modify the value to 9999 and try damaging the worm again. If done correctly, your worm should have a lot of hp. Congrats, you found the variable that holds your current worm's HP.
Now, how to find the function that actually damages your worm? You need to check what accesses this variable. In Cheat Engine, select this variable and activate a memory breakpoint on write (aka "see what writes to this address"). Continue damaging the worm; you will see some addresses appear, along with the number of accesses to the variable. You will probably see one or two functions - copy their addresses. Go to IDA/Ghidra and go to this address. It probably does not exist, because ASLR changes the base address of the WA process. You can rebase the function address manually, but in general, you will need to disable ASLR in WA.exe for convenient debugging:
https://osandamalith.com/2018/10/24/pe-sec-info-a-simple-tool-to-manipulate-aslr-and-dep-flags/
Now take a look at the code in IDA/Ghidra. Does it look like something that writes the worm's HP? Look at the xrefs to this function (aka functions that call this function). Probably one of them will be the one that creates an explosion. You can also look for other functions, like the one that plays sounds.
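The manual rebase mentioned above, as an added example that is not part of the original guide: it reads ImageBase and the ASLR flag from PE32 headers and maps an address seen in the debugger to the one the disassembler shows. The function names, the header bytes and the runtime addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DYNAMIC_BASE 0x0040 /* IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in) */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Read ImageBase and the ASLR flag from PE32 headers. 0 on success, -1 if malformed. */
int pe32_info(const uint8_t *img, size_t len, uint32_t *image_base, int *aslr) {
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t nt = rd32(img + 0x3C);                    /* e_lfanew */
    if (nt > len || len - nt < 24 + 0x48) return -1;   /* sig + file hdr + needed fields */
    if (memcmp(img + nt, "PE\0\0", 4) != 0) return -1;
    const uint8_t *opt = img + nt + 24;                /* optional header */
    if (rd16(opt) != 0x10B) return -1;                 /* PE32 (32-bit) only */
    *image_base = rd32(opt + 0x1C);
    *aslr = (rd16(opt + 0x46) & DYNAMIC_BASE) != 0;
    return 0;
}

/* Map an address seen in the debugger to the address the disassembler shows. */
int rebase_to_static(uint32_t runtime_addr, uint32_t runtime_base, uint32_t image_size,
                     uint32_t image_base, uint32_t *static_addr) {
    if (runtime_addr < runtime_base || runtime_addr - runtime_base >= image_size) return -1;
    *static_addr = image_base + (runtime_addr - runtime_base);
    return 0;
}

/* Constructed sample: only the header fields read above are filled in. */
void make_sample_pe(uint8_t *buf, size_t len, uint32_t image_base, uint16_t dll_chars) {
    memset(buf, 0, len);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = 0x80;      /* e_lfanew = 0x80 */
    memcpy(buf + 0x80, "PE\0\0", 4);
    uint8_t *opt = buf + 0x80 + 24;
    opt[0] = 0x0B; opt[1] = 0x01;                      /* magic 0x10B */
    for (int i = 0; i < 4; i++) opt[0x1C + i] = (uint8_t)(image_base >> (8 * i));
    opt[0x46] = (uint8_t)dll_chars; opt[0x47] = (uint8_t)(dll_chars >> 8);
}

int main(void) {
    uint8_t pe[0x200]; uint32_t base, addr; int aslr;
    make_sample_pe(pe, sizeof pe, 0x00400000u, 0x8140);
    /* Runtime address, module base and image size below are constructed values. */
    if (pe32_info(pe, sizeof pe, &base, &aslr) != 0 ||
        rebase_to_static(0x00A51530u, 0x00A50000u, 0x00300000u, base, &addr) != 0) return 1;
    printf("ASLR=%d ImageBase=0x%08X static=0x%08X\n", aslr, (unsigned)base, (unsigned)addr);
    return 0;
}
```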
Once you identify your "create explosion" function, you will need to hook it using minhook or polyhook or any other hooking library (you need to know the function address or, better, find the address by function signature) and make a wrapper call that will roughly look like this:
int create_explosion_hooked(int x, int y, int power) {
    return create_explosion_original(x, y, power*10);
}
Make a shared library with CMake and the MSVC toolchain, compile it and load it in the game, voilà.
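Finding an address by function signature, as mentioned above, sketched as an added example that is not part of the original guide: a masked byte-pattern scan that accepts a signature only when it matches exactly once, since a second hit means the hook could land on the wrong function. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                  /* fold to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse "55 8B EC ?? C3" into bytes plus a mask (0 = wildcard). Returns length, 0 on error. */
size_t parse_sig(const char *s, uint8_t *bytes, uint8_t *mask, size_t cap) {
    size_t n = 0;
    while (*s) {
        if (*s == ' ') { s++; continue; }
        if (n == cap) return 0;
        if (*s == '?') { bytes[n] = 0; mask[n++] = 0; s += (s[1] == '?') ? 2 : 1; continue; }
        int hi = hexval(s[0]), lo = hexval(s[1]);
        if (hi < 0 || lo < 0) return 0;
        bytes[n] = (uint8_t)(hi << 4 | lo); mask[n++] = 1;
        s += 2;
    }
    return n;
}

/* Offset of the only match, -1 if none or bad pattern, -2 if the pattern is ambiguous. */
long find_unique_sig(const uint8_t *img, size_t len, const char *sig) {
    uint8_t b[64], m[64];
    size_t n = parse_sig(sig, b, m, sizeof b);
    long found = -1;
    if (n == 0 || n > len) return -1;
    for (size_t i = 0; i + n <= len; i++) {
        size_t j = 0;
        while (j < n && (!m[j] || img[i + j] == b[j])) j++;
        if (j != n) continue;
        if (found >= 0) return -2;              /* second hit: signature too short */
        found = (long)i;
    }
    return found;
}

/* Constructed bytes standing in for a code section; not taken from WA.exe. */
const uint8_t SAMPLE[] = { 0x90, 0x90, 0x55, 0x8B, 0xEC, 0x68, 0x11, 0x22, 0x33, 0x44, 0xC3,
                           0xCC, 0x55, 0x8B, 0xEC, 0x6A, 0x0A, 0xC3 };

int main(void) {
    printf("%ld\n", find_unique_sig(SAMPLE, sizeof SAMPLE, "55 8B EC 68 ?? ?? ?? ?? C3"));
    printf("%ld\n", find_unique_sig(SAMPLE, sizeof SAMPLE, "55 8B EC"));
    return 0;
}
```

The wildcards cover bytes that differ between builds, such as immediates and relocated addresses; the returned offset is relative to the start of the scanned buffer and still has to be added to the module's base.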
Sorry, I've run out of time writing this guide. That's the basic idea. Check out my modules and the Discord links - I've posted over 4000 function addresses, so you don't have to find them yourself, cheers.