[NTOS:KD64] kdx86.c: Fix Dr7 check to verify whether debugger disabling is allowed (#7538)

Don't check the whole Dr7 value, but only the first 8 bits that
correspond to the local/global enable breakpoints.

We cannot check the whole value because some of the Dr7 bits are
reserved always set to 1 (bit 10), or describe other debug state.

References:

- https://en.wikipedia.org/wiki/X86_debug_register#DR7_-_Debug_control

- Intel® 64 and IA-32 Architectures Software Developer’s Manual,
  Volume 3 (3A, 3B, 3C, & 3D): System Programming Guide
  https://www.intel.com/content/www/us/en/developer/articles/technical/intel-sdm.html
  Section "19.2.4 Debug Control Register (DR7)" (pgs. 644-646)

ntoskrnl/kd64/i386/kdx86.c

@@ -426,23 +426,19 @@ NTSTATUS
 NTAPI
 KdpAllowDisable(VOID)
 {
-    LONG i;
-    ULONG Dr7;
+    ULONG i;
 
     /* Loop every processor */
     for (i = 0; i < KeNumberProcessors; i++)
     {
-        /* Get its DR7 */
-        Dr7 =  KiProcessorBlock[i]->ProcessorState.SpecialRegisters.KernelDr7;
+        PKPROCESSOR_STATE ProcessorState = &KiProcessorBlock[i]->ProcessorState;
 
-        /* Check if any processor breakpoints are active */
-        if (Dr7 != 0)
-        {
-            /* We can't allow running without a debugger then */
+        /* If any processor breakpoints are active,
+         * we can't allow running without a debugger */
+        if (ProcessorState->SpecialRegisters.KernelDr7 & 0xFF)
             return STATUS_ACCESS_DENIED;
-        }
     }
 
-    /* No processor breakpoints; allow disabling the debugger */
+    /* No processor breakpoints, allow disabling the debugger */
     return STATUS_SUCCESS;
 }