As explained by Volker von Einem here, WinDbg 6.70.05.0 is special in that it has CLR debugging support. Microsoft released this version by mistake; it is actually an internal release. It is no longer available for download, and those who kept copies are lucky. Worse still, MS does not intend to release this CLR support in the foreseeable future.
In case you are one of the unlucky ones who does not have version 6.70.05.0, I dug out a link which seems to work:
I need to get the MD5 hash from Volker since he has the original one from MS. I'll then update this post, just to make sure the Chinese website has not modified it in any way.
The WHDC site announced a new WinDbg release, 22.214.171.124
I had the chance to debug into the CGroupPolicyObject::New method in GPEdit.dll, since the call is failing.
My finding is that if a thread's Security Impersonation Level is anything other than Anonymous, the call will fail.
SecurityAnonymous, SecurityIdentification, SecurityImpersonation, SecurityDelegation
The reason is that the code in this method is as follows (this is my code guessed from disassembly):
HANDLE hToken = NULL;
You see, they are opening the token without the TOKEN_IMPERSONATE flag, and SetThreadToken will throw an error if this flag is not used in the access token. The reason it works for the anonymous level is that OpenThreadToken fails and sets hToken to NULL. The resulting call is SetThreadToken(0,NULL), which will succeed. See SetThreadToken() in MSDN.
Tool used: WinDbg
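The save-and-restore failure described in this post, as an added example; it is not the GPEdit.dll code or the author's reconstruction from disassembly. The access masks, the helper names and the winnt.h constants repeated for non-Windows builds are assumptions made for the illustration.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else                          /* winnt.h values, so the mask check builds anywhere */
typedef unsigned long DWORD;
#define TOKEN_DUPLICATE   0x0002
#define TOKEN_IMPERSONATE 0x0004
#define TOKEN_QUERY       0x0008
#endif
/* SetThreadToken accepts only a handle that was granted TOKEN_IMPERSONATE. */
int handle_is_restorable(DWORD access) { return (access & TOKEN_IMPERSONATE) != 0; }

#ifdef _WIN32
/* Hypothetical helper: save the thread token with `access`, revert, put it back.
   Returns 0 on success, otherwise GetLastError() from the failed restore. */
DWORD save_and_restore(DWORD access)
{
    HANDLE hToken = NULL;
    DWORD err = 0;
    if (!OpenThreadToken(GetCurrentThread(), access, TRUE, &hToken))
        hToken = NULL;                  /* no token or anonymous level: nothing saved */
    RevertToSelf();                     /* do the work as the process identity */
    if (!SetThreadToken(NULL, hToken))  /* restore; a NULL token only clears */
        err = GetLastError();
    if (hToken) CloseHandle(hToken);
    return err;
}

/* Impersonate at SecurityImpersonation level first, then save and restore. */
DWORD impersonate_then_save_restore(DWORD access)
{
    DWORD err = ImpersonateSelf(SecurityImpersonation) ? save_and_restore(access)
                                                       : GetLastError();
    RevertToSelf();
    return err;
}
#endif

int main(void)
{
    DWORD weak = TOKEN_QUERY | TOKEN_DUPLICATE;  /* assumed mask, not from the post */
    DWORD good = weak | TOKEN_IMPERSONATE;
    printf("restorable: weak=%d good=%d\n", handle_is_restorable(weak), handle_is_restorable(good));
#ifdef _WIN32
    printf("weak mask, impersonating: %lu\n", impersonate_then_save_restore(weak));
    printf("good mask, impersonating: %lu\n", impersonate_then_save_restore(good));
    printf("weak mask, no token:      %lu\n", save_and_restore(weak));
#endif
    return 0;
}
```

On Windows the weak mask is expected to return ERROR_ACCESS_DENIED (5) while impersonating and 0 in the other two cases; with MSVC, link against advapi32.lib.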