In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine. Shellcode is commonly written in machine code, but any piece of code that performs a similar task can be called shellcode. Because the function of a payload is not limited to merely spawning a shell, some have suggested that the name shellcode is insufficient.
The payload is the actual data, or the cargo, carried by the headers. When referring to a computer exploit, the payload is the effect caused by a virus or other malicious code executed by the exploit on the target computer. The payload of a virus may include moving, altering, overwriting, and deleting files, or other destructive activity.
ref:
Shellcode - http://en.wikipedia.org/wiki/Shellcode
Shellcode Tutorial - http://projectshellcode.com/?q=node/20
Windows Shellcode CodeProject - http://www.codeproject.com/Tips/60571/simple-windows-shellcode-invoke-message-box.aspx
Understanding Windows Shellcode - http://www.hick.org/code/skape/papers/win32-shellcode.pdf
Windows Syscall Shellcode - http://www.symantec.com/connect/articles/windows-syscall-shellcode
Windows Shellcode Mastery - http://www.blackhat.com/presentations/bh-europe-09/Caillat/BlackHat-Europe-09-Caillat-Wishmaster-slides.pdf
Shellcode Programming - http://www.l0t3k.org/programming/docs/shellcode/
Shellcoding for Linux and Windows - http://www.vividmachines.com/shellcode/shellcode.html
Writing Shellcode - http://www.safemode.org/files/zillion/shellcode/doc/Writing_shellcode.html
Linux Shellcode - http://www.tenouk.com/Bufferoverflowc/Bufferoverflow5.html
Designing Shellcode demystified - http://www.enderunix.org/docs/en/sc-en.txt
Network level polymorphic Shellcode detection - http://dcs.ics.forth.gr/Activities/papers/emulation.dimva06.pdf
Shellcode detection Library(x86 Shellcode detection and emulation (libEmu)) - http://libemu.carnivore.it/