The login part occurs in WlxLoggedOutSAS.
In the GINA example in MSDN, WlxLoggedOutSAS first calls
    result = pWlxFuncs->WlxDialogBoxParam(hGlobalWlx,
                                          hDllInstance,
                                          (LPTSTR) MAKEINTRESOURCE(IDD_LOGON_DIALOG),
                                          NULL,
                                          LogonDlgProc,
                                          (LPARAM) pGlobals);
This creates the login dialog box that is usually seen. (LPARAM) pGlobals is passed in from WlxLoggedOutSAS. Presumably the username and password entered during login are stored in it, in pGlobals->pAccount.
Then it calls the following function:
    result = AttemptLogon(pGlobals, pGlobals->pAccount,
                          pLogonSid, pAuthenticationId);
Inside, the function is declared as
    int
    AttemptLogon(
        PGlobals        pGlobals,
        PMiniAccount    pAccount,
        PSID            pLogonSid,
        PLUID           pLogonId)
It then calls
    LogonUser(pAccount->pszUsername,
              pAccount->pszDomain,
              pAccount->pszPassword,
              LOGON32_LOGON_INTERACTIVE,
              LOGON32_PROVIDER_DEFAULT,
              &hUser)
This function is in advapi32.dll. hUser is used to return the token obtained after verification; its type is HANDLE. It is strange that the Windows documentation says LsaLogonUser is called; you only need to get or forge this token. I want to use a ring 0 program to forge this token,
... Later, we can see that L32pLogonUser is called in LogonUser, the logon token group list is filled in there, and then LsaLogonUser is called.
After the token is obtained:
    GetTokenInformation(hUser,
                        TokenStatistics,
                        &TStats,
                        sizeof(TStats),
                        &size);
    *pLogonId = TStats.AuthenticationId;
MSDN:
AuthenticationId
Specifies an LUID assigned to the session this token represents. There can be many tokens representing a single logon session.
This parameter is returned.
    //
    // The tricky part. We need to get the logon SID from the token,
    // since that is what Winlogon will use to protect the windowstation
    // and desktop.
    //
    GetTokenInformation(hUser,
                        TokenGroups,
                        pGroups,
                        1024,
                        &size);
    // size now holds the required length; grow the buffer and retry if 1024 was too small
    if (size > 1024)
    {
        pGroups = LocalReAlloc(pGroups, LMEM_FIXED, size);
        GetTokenInformation(hUser,
                            TokenGroups,
                            pGroups,
                            size,
                            &size);
    }
    // find the group entry flagged as the logon SID and copy it out
    for (i = 0; i < pGroups->GroupCount; i++)
    {
        if ((pGroups->Groups[i].Attributes & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID)
        {
            CopySid(GetLengthSid(pLogonSid),
                    pLogonSid,
                    pGroups->Groups[i].Sid);
            break;
        }
    }
    LocalFree(pGroups);
The purpose of this part is to add the SID of each group to the access-control list entry of the token. I don't know what to say. I still don't know about these structures.
MSDN:
The TOKEN_GROUPS structure contains information about the group SIDs in an access token.
An application can use the CopySid function to make a copy of a SID in an access token (in a TOKEN_GROUPS structure, for instance) to use in an access-control entry.
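The loop above, as an added example that is not part of the MSDN sample or of the original notes: it scans a group list for the SE_GROUP_LOGON_ID entry and copies that SID only after checking its length against the destination buffer, reporting a missing or oversized SID instead of ignoring it. The Demo* types, the sample SIDs and the function names are assumptions standing in for the winnt.h structures so the code builds without the Windows SDK.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the winnt.h types so this builds without the Windows SDK. */
#define SE_GROUP_LOGON_ID 0xC0000000u /* two-bit mask, same value as winnt.h */
#define MAX_SUBS 15                   /* SID_MAX_SUB_AUTHORITIES */
typedef struct {
    uint8_t  Revision, SubAuthorityCount, IdentifierAuthority[6];
    uint32_t SubAuthority[MAX_SUBS];
} DemoSid;
typedef struct { const DemoSid *Sid; uint32_t Attributes; } DemoGroup;
typedef struct { uint32_t GroupCount; const DemoGroup *Groups; } DemoTokenGroups;

/* Constructed sample data: Everyone (S-1-1-0) and a logon SID (S-1-5-5-0-123456). */
static const DemoSid kEveryone = {1, 1, {0, 0, 0, 0, 0, 1}, {0}};
static const DemoSid kLogon    = {1, 3, {0, 0, 0, 0, 0, 5}, {5, 0, 123456}};
static const DemoGroup kGroups[] = {{&kEveryone, 0x00000007u}, {&kLogon, 0xC0000007u}};

/* Byte length of a SID: 8-byte header plus 4 bytes per sub-authority. */
static size_t sid_length(const DemoSid *s) { return 8u + 4u * s->SubAuthorityCount; }

/* Copy the logon SID into dest. Returns 0 on success, -1 if the group list
 * has no logon SID, -2 if the SID is malformed or dest is too small. */
static int copy_logon_sid(const DemoTokenGroups *g, void *dest, size_t dest_len)
{
    for (uint32_t i = 0; i < g->GroupCount; i++) {
        const DemoGroup *e = &g->Groups[i];
        /* Compare against the whole mask: both bits must be set. */
        if ((e->Attributes & SE_GROUP_LOGON_ID) != SE_GROUP_LOGON_ID)
            continue;
        if (e->Sid == NULL || e->Sid->SubAuthorityCount > MAX_SUBS)
            return -2;
        if (sid_length(e->Sid) > dest_len)
            return -2; /* refuse instead of truncating or overflowing */
        memcpy(dest, e->Sid, sid_length(e->Sid));
        return 0;
    }
    return -1;
}

int main(void)
{
    DemoTokenGroups groups = {2, kGroups};
    DemoSid out = {0};
    int rc = copy_logon_sid(&groups, &out, sizeof out);
    printf("rc=%d subauthorities=%u last=%u\n", rc,
           (unsigned)out.SubAuthorityCount, (unsigned)out.SubAuthority[2]);
    return rc;
}
```

In the sample, the length handed to CopySid comes from GetLengthSid(pLogonSid), so the destination must already hold a valid SID of sufficient size, and CopySid's return value is the only signal that the copy failed.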
... Unfinished