Windows 11 & Checked Builds

It's been a minute since I found myself in the wonderful world of systems development. Can anyone offer guidance on how best to obtain a Checked Build of the OS these days, or is it no longer "a thing".

Once upon a time one could download these with an MSDN subscription (which i have). However it appears as of ~Windows 10 Microsoft moved to a "partially checked" modal? Where one locates the checked equivlanet of their binaries and manually copies them across?

My feeble attempts to find any recent information lead me to various posts stating "They're in the WDK, maybe in a self extracting exe", "They're on someting called Dreamspark", etc etc.

Anyone attempted this recently?
Jason

The visual studio subscription download section might have an iso for some version of win11. However, there really is no need for it in most cases. Why do you think you need it?

Yea, as mentioned, it's not there. As I understood things, once upon a time this was best practice due to additional memory checks etc

For example: The NT Insider:Just Checking Revisited -- Installing a Partially Checked Build states:

"No driver has been sufficiently tested for release until it runs on the checked build without displaying obvious problems. Let me repeat myself for emphasis: No driver has been sufficiently tested until it has run on the checked build without problems."

Although I appreciate this is 20Y old, I thought it would still be relevant?
Jason

Well things have changed. Running your driver with verifier enabled is a much less fraught way of basic validation. The fact that it is difficult to even find a checked build is a major clue.

The checked build has sadly been dead for quite a while now...

It's unfortunate because I do believe it is helpful in validating whether or not my driver is (possibly) correct. If I have a system that runs the checked build fine but then hits an ASSERT when my driver is loaded then something is clearly off somewhere. And this is beyond just what Verifier will catch because, for example, my file system filter might trigger an ASSERT in NTFS (been there, done that :joy:).

The downside to the checked build is that the ASSERTs really only make sense if you have source code. There was a time when MSDN tried to document checked build ASSERTs, but as you can imagine that's not really a sustainable solution. Then things got worse when they moved to the NT_ASSERT macro which stores the ASSERT string in the PDB instead of the image. And, of course, the public PDBs don't have those strings...

That being said I wish they'd still just publish the checked build. I'd gladly spend time hunting down why an ASSERT is happening if it would save me from some problem in the field a year from now. There are still some older Win7/Win8 checked builds available in "My Visual Studio Downloads" and they mostly run fine in VMware. I still use them as part of testing when possible just in case they find something interesting.

It should also be said that static analysis as a science is far more advanced and can detect far more problems than ever before. And in that light is is even more disappointing that they gave up on SAL - compile time assertions.