Exectution on the stack

[arnix]

I've listened that it's possible to overcome the restriction in WinXP SP2
which does not allow to execute commands on the stack. i have 2 questions:

1. how can i do that in XP SP2 (or maybe in other OS too?) (i know google.com but maybe someone has a small and good way to do that)

2. i wanna write a simple protector (just for experience), what do you
think, is it a good idea using this trick (execution on the stack)
or it is a outdated trick and it will not be possible to overcome
the restriction on newer OS-s with new processors.

thank you.

I know only two articles related the subject:
hxxp://www.ngssoftware.com/papers/defeating-w2k3-stack-protection.pdf
hxxp://www.maxpatrol.com/defeating-xpsp2-heap-protection.htm
and I think it's very complicated to use this techiques in real programs, because there many additional restrictions you should comply such as very small buffer and different incompatibilities between OSes,

If you want use stack execution in legal program (not exploit) try add your program to DEP exception list:
hxxp://www.microsoft.com/technet/security/prodtech/windowsxp/depcnfxp.mspx

[nikola]

This is already talked about in KaGras topic. He also supplied some examples.