Cheat Engine

[Vatsune]

Hello, I have been learning Cheat Engine for a while and now i'm trying to find the values that correspond to progression or unlocked unique powerups, values that I assume go from 0 to 1 once you reach a certain point or get the powerup, but I haven't been able to find a tutorial on this topic.
I considered simply searching for unchanged-changed and getting the powerup and reloading/restarting, but some games change addresses even when reloading a save, so I can't be sure that I am actually getting closer.
It also crossed my mind to use the dissect data structure after finding a base address for one my character's stats, but I wouldn't really know how to proceed from there with all the myriads of values.
What are some methods to find those values? I'm not referring to a specific game, just methods in general.

[FreeER]

reverse engineering lol

pretty much the only thing I could specifically mention is using the dissect data and adding the address twice, locking one of them so that it can compare the values before getting the upgrade and after. Of course it's only useful if it's actually in that area of memory.

[predprey]

Unlocked unique powerups i.e. skills, moves etc. need not be a single bytes or 4 byte variable for each skill or only vary between 0x0 and 0x1. In fact I would be more surprised if that were the case since it would be an inefficient use of memory to use an entire INT32 variable for each skill. More often, the unlocked status of each skill are stored as a single bit in a few bytes. Also, it is also possible that a skill being locked is represented as 0xFF or 0x7F while 0x0 is used to represent NULL for that variable instead. So searching for 0 and 1 based on the assumption that 0 means locked and 1 means unlocked may not yield any results. Of course, no harm trying to see if your assumption holds and searching based on it, may even shorten your process if any assumptions you made strikes gold. Searching for less common values like these is more often than not a trial and error process, though accumulated experience with many different game data structures helps a bit. Rydian's Value/Address Finding Examples provides a brief intro into how common game variables are stored in memory, though there are many other different ways out there in modern games that you will only know once you encounter them, which goes back to experience once again.

This varies a lot depending on each game and how the developers programmed it to be so the only reliable method of finding where they are is by the unchanged-changed searching. Granted this method will take a long time for you to narrow it down to only a few plausible addresses but one way you can streamline it by narrowing the search range to possible memory locations first, like first find where your other more prominent player stats are stored first i.e. health, skill points, attributes, then search around that region instead of the default 0-FFFFFFFF.

The way I did it for Middle-Earth Shadow of War IIRC was to just kept toggling the skills, exiting menu, entering again, moving the character, doing other things in game etc. until it narrowed down to a 100 or so addresses, then I manually deduced which is the one by comparing with the addresses of other player variables I found and testing if changing that address made any changes to the skill being toggled. Restarting the game or doing anything that might change where these values are stored is avoided.

In the worst case scenario, Ultimap is always my last resort to find the subroutine that unlocks the skill then reverse that subroutine to find where it stores the skill value. Last resort because it is extremely laggy when recording all the calls and jumps made, but it will surely turn up those elusive subroutines that are hard to find in its list of results. For instance, IIRC I used Ultimap to find the instruction responsible for those press button X right at the instant of Y to perform Z in Onebarachan Z2 and Attack on Titan 2, which you wouldn't have been able to find by just searching for values.