[PATCH 31/34 v1.2] Windows gdb+gdbserver: Check whether DBG_REPLY_LATER is available

[Pedro Alves <pedro@palves.net>]

On 2024-05-08 13:45, Eli Zaretskii wrote:

>> However, I found out that we can find the Windows major/minor/build in
>> the KUSER_SHARED_DATA structure, which defines the layout of a data
>> area that the kernel places at a pre-set address for sharing with
>> user-mode software:
>>
>>   https://www.geoffchappell.com/studies/windows/km/ntoskrnl/structs/kuser_shared_data/index.htm
>>
>> The Windows major/minor/build version retrieved using that method
>> bypasses the manifest stuff, it actually gets you the real OS version
>> numbers.  That is what this patch is using.
> 
> ...do we really need to do this via a version-check?  Can't we instead
> just call ContinueDebugEvent and if it fails, consider DBG_REPLY_LATER
> unsupported?  (If calling ContinueDebugEvent with that flag on older
> versions of Windows causes an exception, we could use try/catch.)  If
> this works, it is a more reliable way to test, IMO and IME.  I think
> we should prefer that to poking kernel data structures.

We need to know whether DBG_REPLY_LATER will work before starting the inferior.
And we can only call ContinueDebugEvent after starting some inferior, and
after the kernel returns an event for it via WaitForDebugEvent.

Hannes on IRC suggested using RtlGetVersion, which is exported by ntdll.dll.
I tried it, and it works nicely.  Looking around the web, I see suggestions to
use that on stockoverflow, blogs, etc.  I don't know why I didn't run into
that one before.  Maybe because the MSFT page describing it says it is
"kernel-mode":

 https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-rtlgetversion

In truth, you can call it in user mode just fine.

Here is a version of the patch using that function.  Much simpler!

From 4331947c4728071b2d53011bf7d70bd0ab7c4e93 Mon Sep 17 00:00:00 2001
From: Pedro Alves <pedro@palves.net>
Date: Wed, 8 May 2024 21:14:26 +0100
Subject: [PATCH] Windows gdb+gdbserver: Check whether DBG_REPLY_LATER is
 available

Per
<https://learn.microsoft.com/en-us/windows/win32/api/debugapi/nf-debugapi-continuedebugevent>,
DBG_REPLY_LATER is "Supported in Windows 10, version 1507 or above, ..."

We need to know whether DBG_REPLY_LATER is available before starting
any inferior.

On Linux, we check which ptrace options are supported by the running
kernel by forking gdb and then the parent gdb debugging the child gdb
with PTRACE_ME, and then trying to set the ptrace options.

Doing something like that on Windows would be more complicated,
because we can't just fork, we have to start some executable, and the
only executable we know we can start, probably, is gdb itself.  And
that's a large program, so takes time to be started.  And then we'd
have to implement a WaitForDebugEvent loop to start up the process,
and then finally try ContinueDebugEvent(DBG_REPLY_LATER).

It's a lot simpler to just check the Windows version.  Unlike on
Linux, we don't have to worry about kernel feature backports.  This
patch does that.

Change-Id: Ia27b981aeecaeef430ec90cebc5b3abdce00449d
---
 gdb/nat/windows-nat.c | 56 +++++++++++++++++++++++++++++++++++++++++++
 gdb/nat/windows-nat.h |  8 +++++++
 2 files changed, 64 insertions(+)

diff --git a/gdb/nat/windows-nat.c b/gdb/nat/windows-nat.c
index 4fd717e6521..a7383276ec2 100644
--- a/gdb/nat/windows-nat.c
+++ b/gdb/nat/windows-nat.c
@@ -40,6 +40,7 @@ namespace windows_nat
    ContinueDebugEvent.  */
 static DEBUG_EVENT last_wait_event;
 
+RtlGetVersion_ftype *RtlGetVersion;
 AdjustTokenPrivileges_ftype *AdjustTokenPrivileges;
 DebugActiveProcessStop_ftype *DebugActiveProcessStop;
 DebugBreakProcess_ftype *DebugBreakProcess;
@@ -939,6 +940,57 @@ disable_randomization_available ()
 	  && DeleteProcThreadAttributeList != nullptr);
 }
 
+/* Helper for dbg_reply_later_available.  Does the actual work, while
+   dbg_reply_later_available handles caching.  */
+
+static bool
+dbg_reply_later_available_1 ()
+{
+  /* Windows has a number of functions you can use to check the OS
+     version, like GetVersion/GetVersionEx, or the Version Helper
+     functions like IsWindows10OrGreater, VerifyVersionInfo, etc.
+     However, as explained by:
+
+       https://learn.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getversionexa
+
+     ... and other pages, "Applications not manifested for Windows 8.1
+     or Windows 10 will return the Windows 8 OS version value (6.2)."
+
+     RtlGetVersion is simpler because it bypasses the manifest
+     machinery.  */
+
+  /* We require Windows XP, and RtlGetVersion exists since Windows
+     2000.  */
+  gdb_assert (RtlGetVersion != nullptr);
+
+  OSVERSIONINFOW version_info;
+  version_info.dwOSVersionInfoSize = sizeof (OSVERSIONINFOW);
+  /* This is documented to always succeed.  */
+  gdb_assert (RtlGetVersion (&version_info) == 0);
+
+  debug_printf ("gdb: Windows version: major=%d, minor=%d, build=%d\n",
+		version_info.dwMajorVersion,
+		version_info.dwMinorVersion,
+		version_info.dwBuildNumber);
+
+  /* DBG_REPLY_LATER is supported since Windows 10, Version 1507,
+     which is reported as build number 10240.  */
+  return (version_info.dwMajorVersion > 10
+	  || (version_info.dwMajorVersion == 10
+	      && version_info.dwBuildNumber >= 10240));
+}
+
+/* See windows-nat.h.  */
+
+bool
+dbg_reply_later_available ()
+{
+  static int available = -1;
+  if (available == -1)
+    available = dbg_reply_later_available_1 ();
+  return available;
+}
+
 /* See windows-nat.h.  */
 
 bool
@@ -950,6 +1002,10 @@ initialize_loadable ()
 #define GPA(m, func)					\
   func = (func ## _ftype *) GetProcAddress (m, #func)
 
+  hm = LoadLibrary (TEXT ("ntdll.dll"));
+  if (hm)
+    GPA (hm, RtlGetVersion);
+
   hm = LoadLibrary (TEXT ("kernel32.dll"));
   if (hm)
     {
diff --git a/gdb/nat/windows-nat.h b/gdb/nat/windows-nat.h
index 2efb54e1ce7..cee710e07d4 100644
--- a/gdb/nat/windows-nat.h
+++ b/gdb/nat/windows-nat.h
@@ -295,6 +295,7 @@ extern BOOL create_process (const wchar_t *image, wchar_t *command_line,
 			    PROCESS_INFORMATION *process_info);
 #endif /* __CYGWIN__ */
 
+#define RtlGetVersion			dyn_RtlGetVersion
 #define AdjustTokenPrivileges		dyn_AdjustTokenPrivileges
 #define DebugActiveProcessStop		dyn_DebugActiveProcessStop
 #define DebugBreakProcess		dyn_DebugBreakProcess
@@ -322,6 +323,9 @@ extern BOOL create_process (const wchar_t *image, wchar_t *command_line,
 #define UpdateProcThreadAttribute dyn_UpdateProcThreadAttribute
 #define DeleteProcThreadAttributeList dyn_DeleteProcThreadAttributeList
 
+typedef NTSTATUS NTAPI (RtlGetVersion_ftype) (PRTL_OSVERSIONINFOW);
+extern RtlGetVersion_ftype *RtlGetVersion;
+
 typedef BOOL WINAPI (AdjustTokenPrivileges_ftype) (HANDLE, BOOL,
 						   PTOKEN_PRIVILEGES,
 						   DWORD, PTOKEN_PRIVILEGES,
@@ -415,6 +419,10 @@ extern DeleteProcThreadAttributeList_ftype *DeleteProcThreadAttributeList;
 
 extern bool disable_randomization_available ();
 
+/* Return true if it's possible to use DBG_REPLY_LATER with
+   ContinueDebugEvent on this host.  */
+extern bool dbg_reply_later_available ();
+
 /* Load any functions which may not be available in ancient versions
    of Windows.  */
 

-- 
2.43.2