Matt Thomlinson and I wrote a document explaining how to take advantage of some of the buffer overrun defenses in Windows Vista. The document is now available here.

Enjoy :)