Post subject: Guide to finding a specific type of pointer
Skilled player (1708)
Joined: 9/17/2009
Posts: 4952
Location: ̶C̶a̶n̶a̶d̶a̶ "Kanatah"
Every now and then there are games where the address of important variables, such as the player's position, changes throughout the game. Re-finding them over and over can be frustrating, so here's a guide on how to keep track of it, but only for a specific situation: the game points immediately to the address, rather than going through multiple pointers, and no extra operations are needed.

1. Find out where the address location changes
First, find out where/what causes the address of what you need to change location. For example, in the GBA game Monster House, it changes on reset and when you enter another floor.

2. Find addresses before and after a change
Say the player's X/Y address is at 02E1E8. After moving to another location, it moves to 02FF48. Note both addresses down, and keep a small list of address locations for every time it changes.

3. Make savestates corresponding to step 2
Since some games don't follow an order or offset, you may have to make a different savestate for each time it moves. These will be used during RAM Search.

4. Load the first savestate and open RAM Search
Most likely, it will be in the same memory region as the roaming address, so if the positions are located in EWRAM, search EWRAM. Start by searching for a 4-byte hex value greater than 0. You should get a large list of things like this:

Load the next savestate, and take note of where the address hopped to. For example, using the watch list from above: savestate 2's X address is 02FF48 and savestate 1's X address is 02E1E8. With that in mind, 02FF48 is greater than 02E1E8, so set the comparison operator to "Greater than" the previous value, and search again. The list should now be smaller.

Note: if the X address ends up in a "smaller" location compared to the first scan, say 02BFB8 when on your first scan the address was at 02F120, then select "Less than" the previous value! Don't blindly follow this guide and search "Greater than" regardless of how the address changed!

5. Narrowing down the options
There are 2 cases:

If using BizHawk: Given the memory region, find out what "number" it maps to. For example, the IWRAM/EWRAM, according to http://problemkaputt.de/gbatek.htm#gbamemorymap, is at 0x02000000. Now in RAM Search, for specific value, search greater than what the memory map says. In this case, 02000000.

If using another emulator: There are no memory regions, so instead look at the first 2 digits of the address you're looking for. In the case I used, if using VBA, it should look like 0202E1E8, 02 being the first 2 digits. Now in RAM Search, for specific value, search greater than the first 2 digits followed by 6 zeros. In this example, it will be 02000000.

Yea, this was on DeSmuME instead, and for a different game, but this trick works regardless. Sorry.

In both cases, it should make the list drop a lot. Without doing anything else, immediately set the first 2 digits higher by 1, and search less than the previous value. Here's an example:

Once again, do not blindly follow the example; if the memory region for some reason was at a different place, like 04000000 for instance, search "greater than" 04000000 and then "less than" 05000000 rather than the numbers I use!

If there is still a large number of addresses left, do not worry. Load the next savestate, and search greater than <memory region number> / less than <memory region number + 1>. After a while, you should get a smaller list, below 100.

6. Note what your current address location is and compare it with the remaining entries
See which value is closest to the address's location. If using BizHawk, subtract 0x02000000 from the value you see. Example:

7. Confirming those are related
Take note of the addresses you found closest to the current address. Without searching for anything else, load another savestate where the address is in a different location. Look at RAM Search and see if the addresses you noted down also change to a relatively close location.

In my case, for example, loading a savestate where the X address is at 286C4 in BizHawk causes the suspected pointer, B3D8, to have a value of 020286B0. That is basically the X address (after subtracting 02000000) offset by +0x14. Loading another savestate where the address is at 02FF48 (in BizHawk) causes B3D8 to have a value of 0202FF34, which is still the X address (subtract 02000000 since it's BizHawk) offset by +0x14. In other words, they are very likely related, and B3D8 is most likely a pointer that allows you to easily re-find X no matter the floor.

I personally tried this on 4 different games (Over the Hedge (DS), Monster House (GBA), Harry Potter: Prisoner of Azkaban (GBA) and Scooby-Doo! - Mystery Mayhem (GBA)), made by different game companies and on different consoles, and this trick worked out. I hope this helps someone, since as far as I know there's no automated pointer scan for emulators outside 3rd party programs like Cheat Engine.
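Added example (not part of jlun2's post, and not any emulator's code): a small Python re-creation of steps 4 to 7 above, run offline over constructed EWRAM images instead of a live RAM Search window. The EWRAM base 0x02000000 and size 0x40000 are taken from GBATEK; the pointer slot B3D8, the X locations 02E1E8 / 02FF48 / 286C4 and the +0x14 offset are the ones quoted in the post. The decoy slots (0x200, 0x300, 0x400) and every value stored in them are invented to show what each narrowing step throws away.

```python
"""
Added example: jlun2's manual RAM Search procedure for a single-level pointer,
re-created as filters over fake EWRAM snapshots. All memory contents below are
constructed test data, not a real dump.
"""
import struct

EWRAM_BASE = 0x02000000   # GBA EWRAM base, per GBATEK
EWRAM_SIZE = 0x40000      # 256 KiB, per GBATEK


def build_snapshot(words):
    """Build a fake EWRAM image (bytes) from {offset: u32}; the rest is zero."""
    buf = bytearray(EWRAM_SIZE)
    for off, val in words.items():
        struct.pack_into("<I", buf, off, val & 0xFFFFFFFF)
    return bytes(buf)


def read_u32(snapshot, off):
    """Little-endian 4-byte read at an EWRAM offset (offset = address - base)."""
    return struct.unpack_from("<I", snapshot, off)[0]


def candidates_all(snapshot):
    """Step 4, first scan: every 4-byte-aligned slot whose value is > 0."""
    return {off for off in range(0, EWRAM_SIZE, 4) if read_u32(snapshot, off) > 0}


def narrow_by_direction(cands, prev, cur, prev_target, cur_target):
    """Step 4, later scans: 'Greater than' the previous value when the target
    moved up, 'Less than' when it moved down (the post's warning), 'Equal' if
    it did not move."""
    if cur_target > prev_target:
        return {o for o in cands if read_u32(cur, o) > read_u32(prev, o)}
    if cur_target < prev_target:
        return {o for o in cands if read_u32(cur, o) < read_u32(prev, o)}
    return {o for o in cands if read_u32(cur, o) == read_u32(prev, o)}


def narrow_by_region(cands, snapshot, base=EWRAM_BASE, size=EWRAM_SIZE):
    """Step 5: keep only values that look like full addresses inside the region,
    i.e. >= base and < base + size (the 'greater than 02000000, less than
    03000000' pair in the post, tightened to the real region size)."""
    return {o for o in cands if base <= read_u32(snapshot, o) < base + size}


def confirm_offset(cands, snapshots, targets, base=EWRAM_BASE):
    """Steps 6-7: a real pointer sits at a constant distance from the target in
    every savestate. Returns {slot: target - (value - base)}; the post's
    B3D8 case gives +0x14."""
    result = {}
    for o in cands:
        offsets = {t - (read_u32(s, o) - base) for s, t in zip(snapshots, targets)}
        if len(offsets) == 1:
            result[o] = offsets.pop()
    return result


def find_pointer(snapshots, targets):
    """Run the whole procedure over a list of savestates and the known target
    offset (address - base) in each one."""
    cands = candidates_all(snapshots[0])
    for i in range(1, len(snapshots)):
        cands = narrow_by_direction(cands, snapshots[i - 1], snapshots[i],
                                    targets[i - 1], targets[i])
        cands = narrow_by_region(cands, snapshots[i])
    return confirm_offset(cands, snapshots, targets)


# Constructed savestates: X lives at the three offsets quoted in the post.
TARGETS = [0x2E1E8, 0x2FF48, 0x286C4]
DRIFT = [0x08, 0x40, 0x10]     # decoy 0x200 follows X but its offset wanders
COUNTER = [5, 9, 3]            # decoy 0x400 moves the right way but is no address
SAVESTATES = [
    build_snapshot({
        0xB3D8: EWRAM_BASE + x - 0x14,   # the real pointer (X = value + 0x14)
        0x0200: EWRAM_BASE + x + d,      # in-region, right direction, drifting offset
        0x0300: 0x1234,                  # never changes: dropped by step 4
        0x0400: c,                       # dropped by the region filter in step 5
        x: 0x70 + i,                     # the X value itself, at its current home
    })
    for i, (x, d, c) in enumerate(zip(TARGETS, DRIFT, COUNTER))
]

if __name__ == "__main__":
    for slot, off in find_pointer(SAVESTATES, TARGETS).items():
        print(f"pointer at {slot:05X}: X = [{slot:05X}] + 0x{off:X}")
```

Only B3D8 survives: the constant slot fails the direction test, the counter fails the region test, and the drifting decoy passes both but fails step 7 because its distance from X is different in every savestate. That last filter is the one the post does by eye in step 7, and it is the reason the list should be checked across at least three savestates rather than two.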
AntyMew
It/Its
Encoder, Player (35)
Joined: 10/22/2014
Posts: 425
How about using Cheat Engine's pointer scan?
Just a Mew! 〜 It/She ΘΔ 〜
Skilled player (1708)
Joined: 9/17/2009
Posts: 4952
Location: ̶C̶a̶n̶a̶d̶a̶ "Kanatah"
Anty-Lemon wrote:
How about using Cheat Engine's pointer scan?
iirc, it works, but it finds the addresses in terms of the computer you're using. I know there's a method for Dolphin to find out the region, but I never actually tried on CE to find an in-game pointer like this. Please try and see if it works; i.e. find the pointer for the in-game pointer (B3D8) using only pointer scan.
Post subject: Re: Guide to finding a specific type of pointer
Joined: 9/6/2009
Posts: 24
Location: Renton, WA
jlun2 wrote:
2. Find addresses before, and after a change Say, if the player's X/Y address is at 02E1E8. After moving to another location, it moves to 02FF48. Note both the addresses down, and keep a small list of address locations for every time it changes.
I haven't tried it, but it seems like in this case you can narrow down the search for the pointer by searching between the two save states with "differs by" 1D60 (that's 02FF48 - 02E1E8). I'd expect that to usually give you only a few results to examine closely, and at least sometimes it would narrow it down to the single correct answer.
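Added example (not from the reply above or from jlun2's post): the "differs by" search from this reply as a filter, applied to constructed savestate values. The delta is computed as a signed 32-bit number so that the downward move in jlun2's third savestate (02FF48 to 286C4) works as well as the upward one the reply uses. The slot B3D8 and the three X locations are from the thread; the decoy slots 0x200 and 0x400 and all stored values are invented.

```python
"""
Added example: 'differs by <delta>' between two savestates, as suggested in
the reply. Snapshots are plain {slot: u32} dicts of constructed values.
"""
MASK32 = 0xFFFFFFFF
BASE = 0x02000000   # GBA EWRAM base, per GBATEK


def to_signed32(v):
    """Interpret a 32-bit difference as signed so negative moves compare."""
    v &= MASK32
    return v - (1 << 32) if v & 0x80000000 else v


def differs_by(prev, cur, delta):
    """Slots whose 4-byte value changed by exactly `delta` between the two
    savestates; this is RAM Search's 'differs by' comparison."""
    return {s for s in prev.keys() & cur.keys()
            if to_signed32(cur[s] - prev[s]) == delta}


def scan_delta(states, targets):
    """Apply 'differs by' on every consecutive pair of savestates, using the
    target's own move as the delta, and keep only slots that match every time."""
    alive = None
    for prev, cur, tp, tc in zip(states, states[1:], targets, targets[1:]):
        hit = differs_by(prev, cur, tc - tp)
        alive = hit if alive is None else alive & hit
    return alive


# Constructed savestates with X at the three offsets quoted in the thread.
TARGETS = [0x2E1E8, 0x2FF48, 0x286C4]
STATES = [
    {0xB3D8: BASE + x - 0x14,          # the real pointer
     0x0200: BASE + x + d,             # follows X but with a drifting offset
     0x0400: 0x1000 + 0x1D60 * i,      # unrelated counter that happens to
                                       # grow by 0x1D60 each savestate
     x: 0x70 + i}                      # the X value itself
    for i, (x, d) in enumerate(zip(TARGETS, [0x08, 0x40, 0x10]))
]

if __name__ == "__main__":
    print("pair 1 only :", sorted(hex(s) for s in differs_by(STATES[0], STATES[1], 0x1D60)))
    print("all pairs   :", sorted(hex(s) for s in scan_delta(STATES, TARGETS)))
```

With the reply's two savestates, "differs by 1D60" already drops the drifting decoy (it moved by 0x1D98), but a counter that coincidentally moved by 0x1D60 still survives; the second pair, where X moves by -0x7884, removes it. So the delta search usually narrows the list faster than greater/less-than, but a savestate where the address moves the other way is still the cleanest confirmation.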