I know only two articles related the subject:
hxxp://www.ngssoftware.com/papers/defeating-w2k3-stack-protection.pdf
hxxp://www.maxpatrol.com/defeating-xpsp2-heap-protection.htm
and I think it's very complicated to use this techiques in real programs, because there many additional restrictions you should comply such as very small buffer and different incompatibilities between OSes,

If you want use stack execution in legal program (not exploit) try add your program to DEP exception list:
hxxp://www.microsoft.com/technet/security/prodtech/windowsxp/depcnfxp.mspx