It depends, there are multiple techniques when it comes to making Bots and any other chat tool for a game, there are plenty of tutorials outheres and a lot of basic bots and tools you can find them on github for multiple games. Let’s go over some of the basic techniques:
Macros: this one is easy to understand, some players just program their own macros either with native functionality of their hardware/sowftware or by using a third party software. Macros are simple but can be game breaking.
Recorded inputs or Macro Recorder: You basically use a program that tracks your movements and replicates them, as a QA engineer you may be familiar with this one.
Pixel mapping: This one is fairly simple but is more personalized and somewhat harder to detect, basically you take a library such as PyInput that reads the pixels on your screen and then allows you to do stuff with that information, Code Bullet has a ton of tutorials and projects automating game interactions and most of them use pixel mapping https://www.youtube.com/c/CodeBullet. Also here’s a free python book that teaches this technique (along many other) https://automatetheboringstuff.com/
Memory mapping/scrapping: tbh idk if it has an official name, this is how all advanced bots and tools are usually made (C# is often the language of choice because it makes development easier by nature but C++ is also a popular option) and is basically on another level of complexity, but the idea is very simple, you attach your program to a process, then read the memory output of the game, and basically either use than information to get stuff like players/enemys positions health and whatnot, this technique is often used for other malicious purposes like making Memory Scrapping Malwares. Although this method is by far the best because it gives the most amount of in-game information and is faster and more precise that pixel-mapping, is the easiest kind of automation to detect tools like EAC specializes in detecting these (although this is a constant battle since hackers always find a way to bypass it then they patch it, rinse and repeat), hackers usually bypass EAC with a Kernel-injection tool (most of them out there are malware don’t use them). This technique usually requires a fair knowledge in the Assembly language and namely Reverse engineering some tools have been developed to make this process easier such as CheatEngine (which is free), but there are some other more advanced tools such as BinaryNinja there are some others free and paid tools but BinaryNinja is my personal favorite. If you want to learn more about Reverse Engineering, by far the best Reverse Engineering book I know of is this one: "Reverse Engineering for Beginners" free book and is free.
Network mapping/sniffing: Basically the same as memory mapping in essence, basically is a program that sniffs network traffic, and then use this to get information and modify it before is send to the server, most old online game suffer of this kind of vulnerability because a lot of the stuff happens on the client side and is not double checked on the server side, old CSGo aimbots where usually made like this. LiveOverflow’s video on Pwny Island by far explains it better than what I ever will. For these kind of tools usually Python is the language of choice because it’s just easier and there’s a lot of documentation about it.
I’m not an expert, but I hope this helps answering some of your questions, Cheers!
Self Hosted Servers, when you are the owner of the server, you are basically god, only limited by your knowledge, the best example of a recent game that uses Self Hosted Servers in malicious ways (Steal accounts, leak Intellectual Property, etc) is Genshin Impact, you may have seen some vieos of character leaks months before they are released, or people swapping character models and whatnot, well, this is how they do it!