
What are the Windows Station and Desktop objects?


I've read this link...

...but I don't understand. What are they? And what are their functions?


Solution

  • Window Stations and Desktops are securable objects. Their primary function is to act as a security partition/barrier for various resources and features such as the clipboard, hooks, registered messages and the global atom table. Sessions were added at the top of this tree when the Terminal Services/Remote Desktop feature was added to Windows. Sessions are also used by the fast user switching feature.

    The hierarchy looks something like this:

    + Session for services (Session 0)
    | + Window Station  ("Service-xyz...")
    |    + Desktop
    |
    + Session for user "Foo"
    |  + Window Station ("winsta0")
    |    + Desktop ("Default")
    |    | + Taskbar and applications
    |    + Desktop ("Winlogon")
    |    | + Logon/lock screen
    |    + Desktop ("Screen-saver", created on demand)
    |      + Secure screen saver
    |
    + Session for user "Bar"
    |  + Window Station ("winsta0")
    |    + Desktop ("Default")
    |    | + Taskbar and applications
    |    + Desktop ("Winlogon")
    |      + Logon/lock screen
    

    The interactive window station is named winsta0, and is the only station that can receive mouse and keyboard input from the interactive user.

    In Vista and later, services run in their own session.

    Because journal recording and hooks are per-desktop, a normal application cannot listen to the keyboard input when you type in your logon password or accept a UAC prompt, because Windows (winlogon.exe) switches to a different desktop under these conditions.

    There are various tools that let you explore the Window Station and Desktop objects. SysInternals also wrote a tool that uses/abuses Desktop objects to create virtual desktops.

    Although it is from 2000, the "Programming Windows Security" book by Keith Brown might still be the best resource if you want to know more...
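
The session / window station / desktop hierarchy described in the answer above can be inspected from a live session. The following PowerShell is an added example, not part of the original answer; `WinStaInfo`, `Current` and `Tree` are hypothetical helper names, and the native calls are the documented user32/kernel32 functions reached through P/Invoke.

```powershell
# Added example (not from the original answer). WinStaInfo is a hypothetical helper class.
Add-Type -TypeDefinition @'
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Text;
public static class WinStaInfo {
    delegate bool EnumNameProc([MarshalAs(UnmanagedType.LPWStr)] string name, IntPtr lParam);
    [DllImport("user32.dll", SetLastError = true)]
    static extern bool EnumWindowStationsW(EnumNameProc cb, IntPtr lParam);
    [DllImport("user32.dll", SetLastError = true)]
    static extern bool EnumDesktopsW(IntPtr hWinSta, EnumNameProc cb, IntPtr lParam);
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr OpenWindowStationW(string name, bool inherit, uint access);
    [DllImport("user32.dll")] static extern bool CloseWindowStation(IntPtr hWinSta);
    [DllImport("user32.dll")] static extern IntPtr GetProcessWindowStation();
    [DllImport("user32.dll")] static extern IntPtr GetThreadDesktop(uint threadId);
    [DllImport("kernel32.dll")] static extern uint GetCurrentThreadId();
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool GetUserObjectInformationW(IntPtr h, int index, StringBuilder buf, uint bytes, out uint needed);

    const uint WINSTA_ENUMDESKTOPS = 0x0001;  // access right required by EnumDesktops
    const int UOI_NAME = 2;                   // request the object's name
    static string NameOf(IntPtr h) {
        var sb = new StringBuilder(256); uint needed;
        return GetUserObjectInformationW(h, UOI_NAME, sb, 512, out needed) ? sb.ToString() : "?";
    }

    // Window station and desktop this thread is attached to, e.g. WinSta0\Default.
    public static string Current() {
        return NameOf(GetProcessWindowStation()) + "\\" + NameOf(GetThreadDesktop(GetCurrentThreadId()));
    }

    // Every station\desktop pair in this session that the caller is allowed to enumerate.
    public static List<string> Tree() {
        var stations = new List<string>(); var result = new List<string>();
        EnumWindowStationsW((n, p) => { stations.Add(n); return true; }, IntPtr.Zero);
        foreach (var s in stations) {
            IntPtr h = OpenWindowStationW(s, false, WINSTA_ENUMDESKTOPS);
            if (h == IntPtr.Zero) { result.Add(s + "\\<cannot open>"); continue; }
            EnumDesktopsW(h, (n, p) => { result.Add(s + "\\" + n); return true; }, IntPtr.Zero);
            CloseWindowStation(h);
        }
        return result;
    }
}
'@
"Session {0}, attached to {1}" -f (Get-Process -Id $PID).SessionId, [WinStaInfo]::Current()
[WinStaInfo]::Tree()
```

Both enumeration calls only report objects in the caller's own session that its token has enumerate access to, so the output from a normal user console and from a service differ.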
