Tags: buffer-overflow, aslr

Why is the value of the stack pointer the same every time when ASLR is turned off?


Though there are many functions running on a system, how can the value of the stack pointer (ESP) be the same every time for every function running on the stack (since every function has a different address)? Especially when ASLR is off?


Solution

  • The value of the stack pointer is not the same for every function, and does not depend on ASLR settings. The stack pointer is set at some location when a thread of execution is created, and functions increment or decrement it for data storage as the program executes. In particular, function code is not typically stored on the stack; pointers to function code are.

    Without ASLR, once you've got a stack buffer overflow bug, you can insert a "blob of code" that calls other functions in the exploited app because you know where such functions are. With ASLR, you can't easily do that because you don't know where that code lives.
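An added example (not code from the question or the answer above) that makes the answer's point concrete: it records the frame address at several nested call depths, so each function frame is seen to have its own stack pointer value below its caller's, and it reads the Linux `randomize_va_space` sysctl so the whole run can be repeated with ASLR on or off to see the base shift. It assumes GCC or Clang (for `__builtin_frame_address` and `noinline`) and a downward-growing stack (x86, x86-64, ARM).

```c
#include <stdint.h>
#include <stdio.h>

/* Recurse `depth` levels, storing each frame's address in out[]. The
 * recursive result is used after the call returns so the compiler cannot
 * turn the recursion into a loop that reuses a single frame. */
static __attribute__((noinline)) int record_frames(uintptr_t *out, int depth, int idx) {
    volatile char probe[16];                      /* a real local in every frame */
    probe[0] = (char)idx;
    out[idx] = (uintptr_t)__builtin_frame_address(0);
    if (idx + 1 >= depth) return probe[0];
    return record_frames(out, depth, idx + 1) + probe[0];
}

/* Returns 1 if every deeper frame sits at a strictly lower address than
 * the one before it (the stack grew downward, one frame per call), else 0. */
int frames_descend(int depth) {
    uintptr_t frames[64];
    if (depth < 2 || depth > 64) return 0;
    record_frames(frames, depth, 0);
    for (int i = 1; i < depth; i++)
        if (frames[i] >= frames[i - 1]) return 0;
    return 1;
}

/* Current ASLR setting on Linux: 0 = off, 1 = on, 2 = on with brk also
 * randomised; -1 if the sysctl file cannot be read (non-Linux or sandbox). */
int aslr_setting(void) {
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    int v = -1;
    if (f) {
        if (fscanf(f, "%d", &v) != 1) v = -1;
        fclose(f);
    }
    return v;
}

int main(void) {
    uintptr_t frames[4];
    record_frames(frames, 4, 0);
    for (int i = 0; i < 4; i++)
        printf("frame %d at %#lx\n", i, (unsigned long)frames[i]);
    printf("randomize_va_space = %d\n", aslr_setting());
    return 0;   /* run twice: the per-frame offsets stay fixed, the base moves only with ASLR on */
}
```

Within one run the frames are always at distinct, descending addresses; across runs the absolute values move only when `randomize_va_space` is nonzero, which is the observation behind the question.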