One Day Sec

What role does the userlog_read function play in displaying Last WebAdmin Sessions, and how was it identified?

The userlog_read function in /var/confd/confd.plx retrieves session records from the database and log files so they can be shown under Last WebAdmin Sessions on the webadmin page. Researchers identified it by decompiling webadmin.plx and confd.plx, then searching the decompiled code for userlog_read. The function calls _consult_db to query confd_sessions and _iterate_files to read /var/log/confd.log. This reverse engineering approach is similar to the driver analysis in the Analysis of CVE-2017-8360 (Keylogger in HP Audio Driver) Exploitation.
Tags: userlog_read, decompilation, confd.plx, webadmin.plx, reverse engineering
