In the logon part of the GINA sample on MSDN, inside WlxLoggedOutSAS, the first call is:
result = pWlxFuncs->WlxDialogBoxParam(hGlobalWlx, hDllInstance, (LPTSTR) MAKEINTRESOURCE(IDD_LOGON_DIALOG), NULL, LogonDlgProc, (LPARAM) pGlobals);
This creates the logon dialog that is normally seen. (LPARAM) pGlobals is passed in from WlxLoggedOutSAS, and presumably the username and password entered at logon are stored in pGlobals->pAccount. Then the functions listed below are called.
result = AttemptLogon(pGlobals, pGlobals->pAccount, pLogonSid, pAuthenticationId);
Once inside, int AttemptLogon(PGlobals pGlobals, PMiniAccount pAccount, PSID pLogonSid, PLUID pLogonId) calls
LogonUser(pAccount->pszUsername, pAccount->pszDomain, pAccount->pszPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hUser)
This function is in AdvApi32.dll, and hUser returns the token obtained after verification. Strangely, the token's type is just HANDLE. The Windows documentation says the underlying call is LsaLogonUser. To get or forge this token, I want to use a ring 0 program to fake it .... Later, I saw L32pLogonUser inside LogonUser; in its "Fill in the logon token group list" part it then calls LsaLogonUser to get the token.
GetTokenInformation(hUser, TokenStatistics, &TStats, sizeof(TStats), &size);
*pLogonId = TStats.AuthenticationId;
MSDN: AuthenticationId
Specifies an LUID assigned to the session this token represents. There can be many tokens representing a single logon session. This parameter is returned,
//
// The tricky part. We need to get the logon SID from the token,
// since this is what Winlogon will use to protect the window station
// and desktop.
//
GetTokenInformation(hUser,
                    TokenGroups,
                    pGroups,
                    1024,
                    &size);
// If 1024 bytes was not enough, grow the buffer to the reported size and retry.
if (size > 1024)
{
    pGroups = LocalReAlloc(pGroups, LMEM_FIXED, size);
    GetTokenInformation(hUser,
                        TokenGroups,
                        pGroups,
                        size,
                        &size);
}
// Walk the group list and copy out the entry flagged as the logon SID.
for (i = 0; i < pGroups->GroupCount; i++)
{
    if ((pGroups->Groups[i].Attributes & SE_GROUP_LOGON_ID) == SE_GROUP_LOGON_ID)
    {
        CopySid(GetLengthSid(pLogonSid),   // length of the destination SID buffer
                pLogonSid,
                pGroups->Groups[i].Sid);
        break;
    }
}
LocalFree(pGroups);
The purpose of this part is to add each of the SIDs to this token's access-control list entry. I don't know what to say; I don't know these structures.
MSDN:
The TOKEN_GROUPS structure contains information about the group SIDs in an access token. An application can use the CopySid function to make a copy of a SID in an access token (in a TOKEN_GROUPS structure, for instance) to use in an access-control entry. ....
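The group-list walk above, as an added example that is not part of the original post or the MSDN sample: a portable C model of the TOKEN_GROUPS search that bounds-checks the copy against the caller's buffer and reports a missing logon SID. The type names (ModelSid, ModelSidAttr, ModelTokenGroups), copy_logon_sid and the sample SIDs are hypothetical and constructed here; only the SE_GROUP_LOGON_ID value and the 15 sub-authority limit are taken from winnt.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SE_GROUP_LOGON_ID 0xC0000000u /* value from winnt.h: a two-bit mask */
#define MAX_SUBAUTH 15                /* SID_MAX_SUB_AUTHORITIES */
#define MAX_GROUPS 4                  /* capacity of this model, an assumption */

/* Portable stand-ins (hypothetical names) for SID, SID_AND_ATTRIBUTES, TOKEN_GROUPS. */
typedef struct { uint8_t rev, count, auth[6]; uint32_t sub[MAX_SUBAUTH]; } ModelSid;
typedef struct { const ModelSid *sid; uint32_t attributes; } ModelSidAttr;
typedef struct { uint32_t group_count; ModelSidAttr groups[MAX_GROUPS]; } ModelTokenGroups;

/* Binary SID size: 8-byte header plus 4 bytes per sub-authority. */
static size_t sid_length(const ModelSid *s) { return 8 + 4 * (size_t)s->count; }

/* Copies the logon SID into dst; returns bytes copied, 0 if absent or dst too small. */
size_t copy_logon_sid(const ModelTokenGroups *tg, void *dst, size_t dst_len)
{
    for (uint32_t i = 0; i < tg->group_count && i < MAX_GROUPS; i++) {
        const ModelSidAttr *g = &tg->groups[i];
        /* Both bits of the mask must be set, hence "== mask" and not "!= 0". */
        if ((g->attributes & SE_GROUP_LOGON_ID) != SE_GROUP_LOGON_ID)
            continue;
        if (g->sid == NULL || g->sid->count > MAX_SUBAUTH)
            return 0;             /* malformed entry: refuse rather than copy */
        size_t need = sid_length(g->sid);
        if (need > dst_len)
            return 0;             /* never write past the caller's buffer */
        memcpy(dst, g->sid, need);
        return need;
    }
    return 0;                     /* token carries no logon SID */
}

/* Constructed sample data: Everyone (S-1-1-0) and a logon SID (S-1-5-5-0-123456). */
const ModelSid everyone = { 1, 1, {0, 0, 0, 0, 0, 1}, {0} };
const ModelSid logon = { 1, 3, {0, 0, 0, 0, 0, 5}, {5, 0, 123456} };
const ModelTokenGroups sample = { 2, { { &everyone, 0x07u }, { &logon, 0xC0000007u } } };
const ModelTokenGroups one_bit = { 1, { { &logon, 0x40000007u } } };

int main(void)
{
    unsigned char buf[8 + 4 * MAX_SUBAUTH];
    printf("logon SID bytes copied: %zu\n", copy_logon_sid(&sample, buf, sizeof buf));
    return 0;
}
```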