How to determine which of 23 parameters are STATUS_INVALID_PARAMETER?

I'm trying to use BCryptEncrypt to authenticate some AAD but the function is failing with STATUS_INVALID_PARAMETER. BCryptEncrypt takes 10 parameters. One of the parameters is BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO. BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO takes another 13 parameters.

Running my test program results in:

>.\bcrypt-gmac.exe
BCryptEncrypt error, 0xc000000d (STATUS_INVALID_PARAMETER)

STATUS_INVALID_PARAMETER is not very helpful in this case.

My question is, how do I determine which of the 23 parameters is causing the error when using Bcrypt?

Is there a way to get extended error information, like through BcryptPropertyGet (maybe a LAST_ERROR_PARAMETER or something similar)?

Or does Microsoft expect us to guess at the problem? In this case, I guess the answer is, "you can't".

The Microsoft docs don't provide examples of using Bcrypt. I also cannot find helpful examples on Stack Overflow or MSDN. Even Writing Secure Code for Windows Vista fails to provide examples.

Here is the treatment in Writing Secure Code for Windows Vista. It amounts to pseudo-code, which is very disappointing:

I spent the better part of the day today struggling with this very issue. While I don't have a good way to answer your question as to how to determine, in a generic way, which parameter exactly is bad, I'll leave these few tidbits here for posterity:

1. The cbTag field of the BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO needs to be set from the beginning. The pbTag isn't necessary until the final call that produces or verifies the tag, but cbTag must always be present.
2. The pbNonce field of the BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO structure must remain set for all calls when chaining calls together (by using BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG).
3. All calls during a chain (again using BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG) of encryptions or decryptions, except for the last, must provide an input whose size is a multiple of the algorithm's block size. I think the documentation actually says this, but it's not abundantly clear when they explicitly tell you not to set the BCRYPT_BLOCK_PADDING flag (with authenticated ciphers).

The code I'm working on will eventually be part of the library here, which will hopefully provide a working example to the next person.