New functionality or altered functionality in Microsoft Windows can be introduced with a hex editor such as hex workshop, ida free edition, and a table of opcodes or a one-instruction-at-a-time assembler such as Radare2.

In fact, since entire shellcode binary/hex are self-contained, we can just copy and paste shellcode into, for example, PrintIt(), which is part of notepad.exe - and is basically a function called when you try to Print It (document), or in non-microsoftese, when you click File->Print.
Searching for these functions is relatively easy, as Microsoft usually names them directly after their intended purpose. You open up ida free, look for the offset into the file of the function + the first few asm lines where the stack pointer (ESP and EBP) is messed with at the very beginning, then open up hex workshop and "Go to" that offset, then type in the hex bits of the intended shellcode.


One other thing you should check that I have realized, is whether the executable imports the library you're invoking. I believe calc.exe must import the dll you are invoking for this to work. But, every process has kernel32.dll in its address space so this particular Beep and ExitProcess should always work.

Here are several videos I've created of a modified notepad to Beep() and ExitProcess() when you click File->Print and a modified calculator that does a Beep() and ExitProcess() when you click Clear History:

That's cool, but I mean, it's actually worth it?
Anyway your possibilities are heavily limited by the static nature of those programs' code, you know you can't go far by copy/pasting machine code into the program's routines.
Also, I'm a [censored] and I'd like to point out that what you're talking about is not shellcode at all.
That's just machine code or binary code or executable code (choose your favourite among these).
Shell code is machine code with the purpose of opening a shell (often with high privileges and/or from remote), and you can guess it wouldn't be too cool having it on Windows' programs.

However, good job.
It's just playing, but at least it can give you some understanding of how stuff works.

Isn't this info already available on other sites? I knew about it before this post so I think so, but I guess if you want to post this, maybe it can help someone, although Betaarchive wouldn't be my first place to look to find info on how to do this.

The ability to use all of the stuff developed in the art of shellcode to insert instructions between a function end and beginning in a short amount of space is helpful, and helps saving some effort in keeping the PE file uncorrupted.

To my knowledge, videos of this kind for notepad.exe and calc.exe aren't available elsewhere.

I would have called them system calls.