I do not know how all that .dat files are manipulated, but as far I recall, it was somehow proved that it is possible to "inject" given address into wallet.dat file knowing it's public key. In other words - if you know public key (wallet has spending transaction) it is possible to create a forged wallet file for that address. Wallet will work in bitcoin core, show correct balance etc.
It is pretty easy to manipulate a wallet file simply because wallet files don't really have any kind of checksum or integrity check to make sure the file is not manipulated. It is jut raw data that can be modified and any part of it like the addresses can be changed to a funded one and the encrypted keys to garbage undecryptable data.