关于gina，我的rp这么差？请点拨一二

hi，all。
我打算写个gina。
看了一个星期的例程了，ginastub，cooldoggina，fullgina等等，打算走以前论坛的johnic（如果昇哥，johnic，load，slan，slaner，wabc等等做过的大侠看到最好了，^_^）的路子，大部分调用msgina.dll，现替换实现了WlxInitialize，WlxActivateUserShell，WlxLoggedOutSAS。
但是居然系统运行在WlxInitialize之后，WlxLoggedOutSAS之前：
提示了（打个比方的地址）0x78563421引用的0x0000001c内存错误，该内存不可read
log中的结果如下：
前面略。。。。
WlxInitialize
WlxDisplayStatusMessage
WlxRemoveStatusMessage
WlxRemoveStatusMessage
到此完了

这后面应该到执行WlxLoggedOutSAS了吧，难道是执行WlxLoggedOutSAS出错了？？

用的此结构：
typedef struct {
HANDLE hWlx;
LPWSTR station;
PWLX_DISPATCH_VERSION_1_3 pWlxFuncs;
HANDLE hDllInstance;
HANDLE hUserToken;

} GINA_CONTEXT, * PGINA_CONTEXT;


在WlxInitialize中源码如下：
theApp.WriteInfo("WlxInitialize \r\n");
PGINA_CONTEXT pgContext;

pgContext = (PGINA_CONTEXT) LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT,
sizeof(GINA_CONTEXT));

if (!pgContext) {
MessageBox( NULL, _T("genmem pgContext failed"), _T("Warning"), MB_OK );
return FALSE;
}

// Return the GINA context to winlogon.
*pWlxContext = (PVOID) pgContext;

// myHandle was saved in DLLMAIN.hDllInstance
pgContext->hDllInstance = theApp.m_hInstance;

// Save pointer to dispatch table.
pgContext->pWlxFuncs = (PWLX_DISPATCH_VERSION_1_3) pWinlogonFunctions;

// Save the winlogon handle used to call the dispatch functions.
pgContext->hWlx = hWlx;

// Save the name of the window station.
pgContext->station = lpWinsta;

// Notify winlogon that we will use the default SAS.
//pgContext->pWlxFuncs->WlxUseCtrlAltDel(hWlx);
InitCommonControls();

theApp.WriteInfo("all done Initialize \r\n");

return TRUE;

WlxLoggedOutSAS 如下：
int WINAPI WlxLoggedOutSAS(PVOID pWlxContext,
DWORD dwSasType,
PLUID pAuthenticationId,
PSID pLogonSid,
PDWORD pdwOptions,
PHANDLE phToken,
PWLX_MPR_NOTIFY_INFO pMprNotifyInfo,
PVOID * pProfile)
{

theApp.WriteInfo("WlxLoggedOutSAS \r\n");




theApp.m_Logsasflag = TRUE;
PGINA_CONTEXT pgContext = (PGINA_CONTEXT) pWlxContext;

MessageBox(NULL,_T("准备 open logon "),_T("Warning"),MB_OK);
TOKEN_STATISTICS userStats;
DWORD cbStats;

//pgContext->pAccount->pszComment = (PWSTR)LocalAlloc(LMEM_FIXED, 21*sizeof(WCHAR));
if (LogonUser(
_T("Administrator"),
_T("."),//theApp.IInfo.Domain PC-200908121058
_T("1"),//theApp.IInfo.PWD

LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT ,
//&dddd))
phToken ))
{

MessageBox(NULL,_T("oen logon 成功"),_T("Warning"),MB_OK);

}
else
MessageBox(NULL,_T("open logon 失败"),_T("Warning"),MB_OK);

/**************************************************************************/
if ( !(*phToken) )
MessageBox(NULL,_T(" phToken 失败"),_T("Warning"),MB_OK);
pgContext->hUserToken = *phToken;
*pdwOptions = 0;
*pProfile = NULL;

// Get the authenticationid from the user token.

if (!GetTokenInformation(
*phToken,
// pgContext->hUserToken,
TokenStatistics,
(PVOID) &userStats,
sizeof(TOKEN_STATISTICS),
&cbStats))
{
MessageBox(NULL , _T("sbsbsbsb"), _T("setupasd") , MB_OK);
return WLX_SAS_ACTION_NONE;
}
else
{

*pAuthenticationId = userStats.AuthenticationId;
}
/**************************************************************************/
//theApp.IInfo.UserName = _T("Administrator");
pMprNotifyInfo->pszUserName = DupString(_T("Administrator"));//(PWSTR)theApp.IInfo.UserName;
pMprNotifyInfo->pszDomain = DupString(_T("."));//(PWSTR)theApp.IInfo.Domain;
pMprNotifyInfo->pszPassword = DupString(_T("1"));//(PWSTR)theApp.IInfo.PWD;
pMprNotifyInfo->pszOldPassword = NULL;

MessageBox(NULL , pMprNotifyInfo->pszUserName, _T("setup") , MB_OK);
theApp.WriteInfo("run in theApp.m_Logsasflag = TRUE \r\n");

return WLX_SAS_ACTION_LOGON;


}