I will assume we are now talking about using code caves to create permanent changes to an application (no need for a DLL/loader, which makes it easy to use).
The PE header contains a few deprecated pieces, but overall is based on arrays with pointers. Finding space in here is not a good idea (unless you are removing the DOS stub, which isn't always a good idea either). You never know what data will be looked at and needs to still be zero. This is why writing to the .code section (which shouldn't need to be read under normal circumstances) is the "right" way (without adding sections).
It's easier to add a section than do all the checks to make sure you are not overstepping the bounds in a PE header.
That's what I said he should do a tutorial on at some point.
I don't see how it would be irrelevant. I do it all the time and only use "assembly".
This defeats the purpose, unless you are using an external exe to allocate the memory. But then why not make it easy on yourself and write a loader (less updating, for one thing)? A code cave to a VirtualAlloc would still need to copy the code in to execute it at some point.
Code:
    blah                        ; original instructions, untouched
    blah
    jmp codecave                ; patched-in jump into the cave
leftoff:
    blah                        ; execution resumes here once the cave is done
    blah
    ..
codecave:
    overwritten blah            ; re-execute whatever the jmp overwrote
    virtualalloc NULL, commit/reserve, page read-write-exe   ; new block returned in eax
    push eax                    ; keep the block address across the copy
    copymem from????????, to-eax, lengthof from?????????     ; copy the code into the block
    pop eax
    call eax                    ; run the copied code
    jmp leftoff
This extra code is useless unless you are adding in a larger amount of code and want to write all the file mapping for a bin (non-PE) module file into an allocated memory area and call that.... however, for something that big, again... why not a DLL...
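The thread keeps coming back to the bounds checks a PE header forces on you and to the .code section slack being where a cave ends up. As an added example (not the poster's code), here is a small defender-side parser that walks the section table, measures the file-alignment slack after each section's VirtualSize, counts non-zero bytes sitting in that slack, and reports whether the entry point lands in real code, in slack, or outside every section. The sample PE it runs on is constructed inline (one .text section, 0x10 bytes of code in a 0x200-byte raw block); the 0xCC bytes stand in for injected code and are constructed, not from the post.

```python
import struct

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes

def parse_pe_sections(pe: bytes):
    """Return (AddressOfEntryPoint, [section dicts]) from a PE file image on disk."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, *_ = SECTION_HDR.unpack_from(
            pe, opt + opt_size + i * SECTION_HDR.size)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va,
                         "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    return entry_rva, sections

def slack_report(pe: bytes):
    """Per section: (name, slack bytes after VirtualSize, non-zero bytes in that slack).
    Also says where the entry point lands: 'code', 'slack' or 'outside'."""
    entry_rva, sections = parse_pe_sections(pe)
    report, entry_where = [], "outside"
    for s in sections:
        used = min(s["vsize"], s["rawsize"])               # bytes the linker actually filled
        slack = pe[s["rawptr"] + used : s["rawptr"] + s["rawsize"]]
        report.append((s["name"], len(slack), sum(1 for b in slack if b)))
        if s["va"] <= entry_rva < s["va"] + used:
            entry_where = "code"
        elif s["va"] + used <= entry_rva < s["va"] + s["rawsize"]:
            entry_where = "slack"
    return entry_where, report

def build_sample(entry_rva: int, slack_bytes: bytes = b"") -> bytes:
    """Constructed minimal PE32: one .text section, VirtualSize 0x10, SizeOfRawData 0x200."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(14) + struct.pack("<I", entry_rva) + bytes(0xE0 - 20)
    sec = SECTION_HDR.pack(b".text", 0x10, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    code = b"\x31\xc0\xc3".ljust(0x10, b"\x90")          # xor eax,eax; ret; nop filler
    raw = (code + slack_bytes).ljust(0x200, b"\0")       # anything after 0x10 is slack
    return (dos + coff + opt + sec).ljust(0x200, b"\0") + raw
```

A clean build reports 496 slack bytes, all zero, with the entry point in code; a build whose slack holds non-zero bytes, or whose entry point points into the slack, is the pattern worth flagging.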