For the PS2, anything from 0x00080000 - 0xFFFFF is considered fair game for a code cave. Where you'll hit depends on what cheat device is in use. Most people don't go below 0xA0000 to avoid conflicts with them. CodeBreaker uses ~0x80000 up to around 0x8A000, depending on the version and code list, and I think the AR MAX gets to around the 0x90000 range somewhere. 0x0 - 0xFFFFF is kernel RAM, and as luck would have it, the PS2 kernel doesn't touch half of it.

Pointer codes exist for the PS2, but the format differs between devices and versions. It's code type 6 on CodeBreaker, the older ARs, and all GameSharks. CodeBreaker versions 1-6 use a different format than 7-10. GameSharks 1-2 and AR 1-2 use the same format which is compatible with CodeBreaker 1-6, but not 7-10. GameSharks based on MadCatz/Fire software (versions 3-5 and GameShark CheatCodes version 1.0-1.3) have a slightly different format that's backwards compatible but also broken. It can't work with RAM higher than 0xFFFFFF. The AR MAX has it's own format for pointer codes. I don't remember them offhand, but they're all single-line. An 8-bit pointer write has an offset up to either 0xFFFFFF or 0x7FFFFF (can't recall if it's signed); 16-bit is either 0xFFFF or 0x7FFF at most, and the 32-bit doesn't allow an offset, which makes it essentially useless. You'll have to look up the command list for whatever device and version you intend to use to find out how to make them correctly for it.

PCSX2 also supports pointer writes, IIRC. It's badly documented. You have to use a keyword to switch the code-engine to extended mode, and then the format is a little wonky, but it seems like it works for people once they get the hang of it.

On the PSX, there are no pointer writes. There's surely a code cave somewhere, possibly unused kernel RAM again, but I've never had to make use of one without knowing what areas in RAM the game is and isn't using at a given time. That is, I usually stick code somewhere alongside the game's own code, contingent on its state. The one time I tried using the upper, unused portion of kernel RAM it didn't work properly, but I don't know if it was the emulator being overly aggressive in enforcing user-mode restrictions or what.

Thanks a lot for your useful informations! Unfortunately my PS2 stops working time ago, so the AR MAX CD, that I used to do cheats, is unused because I don't know how to use on PCSX2. So I'm trying to do codecaves with the PCSX2's debugger and yes the informations about PCSX2 pointers support is not so well written. But I hope that, thanks to your useful post, I could understand how to "translate" pointer writes from AR MAX to PCSX2.
But first I'll explore the ranges you taught me about RAM for codecaves. I'm very curious!

About PSX...I'll try to find some unused portion of strings and inject my code there? Could be a solution? I think that for understand what RAM portions are unused the only way is (I think) do breakpoints around the code and see what happens. If it breaks or not during the game...It could be frustrating...but there's any other solutions?
I need to understand this on PSX because for Crash Bandicoot games I've two options:
1) port code form Nolberto82's moonjump for NTSC Crash B. 2 to Crash B. 1, 2 and 3 PAL
2) do a moonjump code with joker commands for a single level! (like for masks and apples)

Well, thanks again for your precious help!

P.S.:
I've done some codes for some games for some systems. Especially Europe and Italian only language games.

How can I contribute to the code's database?

Looking at the latest source for PCSX2, it looks like I was mistaken about it supporting pointer writes. I may have been confused by some of the custom builds that were kicking around at one point. I don't think those custom versions have been kept up, so if you want better, built-in support for cheats in PCSX2, you'd have to go to seriously outdated builds.

Many thanks. I'll check outdated versions of the emulator. In a way or another I'll find how to learn.

And...what about my last question? Do you know how and where I can post my own created and tested cheats?
Sorry for my newbiesh hassle

Start a thread in the "Hacker Threads" with a title like luc-ita's codes or something like that.

Thanks Helder.
Sorry for abuse of your time of you all but thanks to my ignorance I need your help once again.
I use PCSX2 and Cheat Engine.
Exploring the code with PCSX2's debugger I've found out that in "lw v0,0x2000(s4)" s4+0x2000 is the base address of my interest. It conteins the address 01FEBCD0. Than 01FEBCD0+0x4 contains 01CBB5D0.
With Cheat Engine I've successfully created a pointer address that points always to the right value, because the value's address is dynamic.
I tried to do the same thing in CodeBreaker format:
60713100 40000000
00020001 00000004
With an horrible result. So i'm thinking two options: PCSX2 doesn't support CB format OR my code is bad done.
I also tried with PCSX2 1.0 with Codebreaker Engine, but it's even worst.

I would only know, please, if my code is written in a correct format or not.

The code looks correct, in formatting at least.

With 1 level of pointer, load the pointer value at 0x713100 and add 4 to it. Then write the 32-bit value 0x40000000 to the resulting, hopefully word-aligned address.

Edit: Your post sort of reads like 0x01CBB5D0 is the pointer you actually want to use, so that would be:
60713100 40000000
00020002 00000004
00000000 00000000

I think anyway. If what you're going for is load the pointer at 0x713100 and add 4 to that (0x01FEBCD4), then load the pointer there (0x01CBB5D0) and finally write 0x40000000 to that address.

Thanks again! Tomorrow (it's late here) I'll re-check my code and post one or two images to let you see what strange effects I see in-game and with Cheats Engine.

You can use PCSX2 v1.2.1 with this addon called PCSX2dis:

Link: http://forums.pcsx2.net/Thread-PCSX2...I-P-13-02-2015

This addon gives you a live debugger along with the ability to input codes in RAW format. I highly suggest it over cheat engine for PS2.

I know and already used it but have abandoned it for no reason. Stupid me. Thanks Harry62 for your suggestion!

@Pyriel:
I've reached exactly your code during my research. I've added the 3rd line but have seen that the code don't do nothing. So, thinking the 3rd line was useless, I've asked you if my 2 lines code was correct or not. Many thanks for your effort and help. I'm thinking that PCSX2 doesn't support three lines code, I suppose.
I'll post some images as soon as I can.

EDIT:
I found the problem!!! The s4 register is dynamic. I need to explore more deeply to find where the s4 is assigned each time. Damn poor knowledge.
When I'm sure to have found a static address to start I'll reply.
I'm sorry for this!

What game are you hacking and what code are you trying to create? It sounds like you know your way around code but I'll lend a hand if you need some help pulling a DMA address.

A very appreciated and unexpected answer!!
I'm not a programmer but are some years that I want to learn how to make codes by myself, so thanks and yes I know a couple of methods to find and create cheats...but I'm still a newbie...ANY help is VERY important.

The game is Disney Princess - Enchanted Journey. Europe version. I've chose this game for practice.
I've found the dimensions of the character, height, length and width. Theese values have addresses that are 01xxxxxx. And I think they are dynamic, because when I'm at the main room the addresses are correct, and the opcode that "holds" the width value are always at 00255CA8 (lw v0,0x2000(s4)), then v0+0x4 goes into a1 and then there's a jal that do this:
BUT when I change room (this game has rooms like Crash Bandicoot 3) s4 address changes. I've inspected the code and found that:
at 00255C48 -> daddu s4,a0,zero -> a0 == s4
at 00255C28 -> z_un_00255c28 -> the begin of the funcion
at 00249778 -> jal z_un_00255c28 -> the jal that call the function wrote above
at 00249760 -> lw a0,0x438(s0) -> s0+438 == a0

And at this point I can't find what opcode assigns the address into s0 register.
I'm thinking of try to do a "CodeCave" at JR RA of the jal function wrote above and then load into a specific address the value a1 and so the others for the other dimensions and tell at the user of my code to put the dimensions (in hex) of the character in theese hypothetical addresses.
But I haven't so much skill at the moment. So if you could help me I'd prefer do all this with pointers.

Sorry for the late answer. Took me awhile.

EDIT:
Could I send to you somehow the ELF? Or it's piracy? I just want to help you help me.

What code are you trying to make? Are you trying to load the address from the register and change the data at the address?

You can legally dump the game and send me the file. It will have all the same info as the ELF minus any labels from the elf, or just PM me a link to the ELF.

Yes! I'm trying to do exactly that you have wrote.
What do you prefer? Dump of the RAM or a link with the ELF via PM? As you prefer. Or I could send you all two in a PM.

EDIT:
PM sent