The Windows logon screen is implemented by the GINA (Graphical Identification and Authentication) DLL, which Winlogon.exe loads at system startup. The purpose of the GINA is to display identification dialogs and perform authentication using LogonUserEx and friends.
The cool thing about the GINA is that it runs as SYSTEM, inside a core Windows process, so there's a real good chance you can screw something up. My favourite Blue Screen of Death has the following text:
That made my day [lol]. On a more serious note, I learnt a lot about Win32 security - it is, of course, essential that password information is not leaked. Every time a password is no longer needed, it must be zeroed out in case it is later retrieved (I wonder how many holes my GINA has). I don't understand this actually, since after reading Inside Windows NT I thought the kernel zeroed out all pages when they were re-used by another process. But anyway..
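The zeroing rule above, as an added example (not code from the original journal entry): a portable C version of wiping a password buffer on every exit path of a logon handler. A real GINA would call the Win32 `SecureZeroMemory`; `logon_request`, `handle_logon`, `fake_authenticate`, `secure_wipe` and `residue` are hypothetical names and the credentials are constructed. The wipe matters because the buffer stays in Winlogon's own long-lived address space, where it can be written to the pagefile or a crash dump long before the page is ever handed to another process.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define PW_MAX 128

typedef struct {            /* hypothetical logon dialog result */
    char user[64];
    char password[PW_MAX];
} logon_request;

/* Portable stand-in for Win32 SecureZeroMemory: the volatile pointer
 * stops the compiler from discarding the stores as dead writes, which
 * it may do to a plain memset on a buffer that is never read again. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Hypothetical authenticator standing in for LogonUserEx; constructed
 * credentials, and strcmp is not a constant-time comparison. */
static int fake_authenticate(const char *user, const char *pw) {
    return strcmp(user, "alice") == 0 && strcmp(pw, "correct horse") == 0;
}

/* Returns 1 on success, 0 on bad credentials, -1 on malformed input.
 * The password is wiped on every path, including the error paths. */
int handle_logon(logon_request *req) {
    int rc = -1;
    if (memchr(req->user, '\0', sizeof req->user) != NULL &&
        memchr(req->password, '\0', sizeof req->password) != NULL)
        rc = fake_authenticate(req->user, req->password);
    secure_wipe(req->password, sizeof req->password);
    return rc;
}

/* Counts non-zero bytes left in a buffer, to check the wipe happened. */
size_t residue(const void *p, size_t n) {
    const unsigned char *b = p;
    size_t left = 0;
    while (n--) left += (*b++ != 0);
    return left;
}

int main(void) {
    logon_request r = { "alice", "correct horse" };
    int rc = handle_logon(&r);
    printf("rc=%d residue=%zu\n", rc, residue(r.password, sizeof r.password));
    return 0;
}
```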
There is also excellent bug potential. For example, if you fail to pass the environment block to the CreateProcessAsUser function, the user's shell won't draw any of its windows properly. I had fun figuring that one out...
You can modify the behaviour to some extent - it's possible to give the logged-on user whatever access rights you like.
I originally had plans to use Direct3D in my logon screen, until I found out that you're not supposed to use COM inside core Windows processes [sad].
The downside of all this is that it requires two Windows boxes or a dual boot configuration. Or, if you are insane, you can deploy the custom GINA on your development machine. Just make sure you have your Windows CD handy or can boot into safe mode. [wink]
I'll probably keep this journal updated with my progress on the project.
I think I'm the only GDNet+ user without an avatar.. [looksaround]