You've got a number of topics going on here. Lets clarify so I can give you an answer.
To discover 0 days, you need to find a vulnerability in a piece of software. This can be done via fuzzing, source code review, or reverse engineering. There are a bazillion ways to fuzz. Reverse engineering is an art, and it's hard to do. Source code review only works if you obviously have the source code. For the last 6 months, I've been fuzzing the crap out of FTP servers. Since this is a clear text protocol, I just wrote a fuzzer in python and it's very straight forward. You could also use Spike or Sully, which are full blown fuzzing frameworks. Pick up a book on fuzzing, it will open your eyes. This is probably the most common way to find bugs in software.
Shellcoding is just a way of executing instructions directly in memory. This is separate from the vulnerability. Typically, you'd find a vulnerability and then use shellcode to manipulate the program the way you want after you have controlled EIP or SEH. For example, we'd use it to run a shell, connect back to an attacker, jump around memory, use ROP gadgets etc. Creating shellcode like you're talking about, is probably more than what you want to do at this point. Metasploit has tried and true shellcode that even works with encoding. I would just start with that.
To give you a real easy introduction into this, go get a copy of FreeFloat FTP server. This is the biggest PoS software I've seen in awhile. Almost every command is vulnerable to a basic buffer overflow. Try not to look at any of the exploits I wrote, or anyone else on this software. Try to find them on your own by fuzzing the app, finding a vulnerability and then creating an exploit to take advantage of that vuln. If anyone is interested in Buffer Overflows, start with this app!
Does that help?