So, doing these patches for 2.42 and above, requires going through a bunch of steps, which you really just need to walk through yourself, to see how it all works, versus writing up an entire novel on here trying to explain it...
You need to follow the steps for unpacking the firmware file, de-compressing the 'nk.bin' WindowsCE image, and locating the DLL within that image, you can just find it by using a hex editor, etc, and finding hex patterns...
As safar explained, the 'nk.bin' has checksums for blocks of data, so when you apply the patches into the DLL spots within the nk.bin (decompressed), you need to also fix the checksum for that block. It's a standard 'checksum' algorithm, using single byte as input data (ie versus 16-bit, 32-bit etc 'symbols' for checksum), ie in Safar's post he called it 'UByte8Bit', as other programs tend to say that as well..
A trial one I found that makes it easy is the '010 Editor', it does that checksum calc, as well as many others..
If I were you, I'd download the 2.42 firmware, unpack it, and follow the info that Safar mention in his post... once you can understand what he did, and the locations he patched, you can do it to 2.43 as well....
Hi, yes I use IDA for find code and 010 Editor for patch.
I try to explain algorithm (with all steps as it can used by somebody else):
1. Get nk.bin.comp from FW file (ksx = cab) - I use WinRAR, but many arc programs can extract files from CAB.
2. Decompress nk.bin.comp by "bincompress.exe /d nk.bin.comp nk.bin".
3. Extract infiniiVisionCore.dll with Remaker for WinCE5.
4. Open dll in IDA and find asm code for patch - Sorry, but I don't explain how as it need to write lot info here.
5. With sync screens in HexView of IDA I look for patch hex code and for nearest area "signature" code also for find it in nk.bin (12..20 bytes for unique found result).
6. (As I lazy for remember bin structure I just to) Make DataTable with "viewbin.exe -d nk.bin > data.txt" - beware output file is very big - about 113 MB for 2.43.
7. Open nk.bin in Hex Editor and use "signature" code for find patch place (actually I use "find all" and if here is more than 1 result I try to expand "signature" for search).
8. Make patch in this place.
9. Open data.txt and find same "signature" - you found it in some Record [ ] block ([160] for 2.43). Here we need start Record signature for find it in Hex Editor, Record Length And Checksum (checksum is backwards in file as it LittleEndian code). Of course you can look for bin structure and make it more smart.
10. Find Record start signature - 4 bytes before start position is Checksum - compare it with data.txt (remember for back order). Here I bookmarked position.
11. Select block in editor with start on start Record position and Length from data.txt.
12. Calc checksum UByte8Bit.
13. Turn back to bookmark and correct checksum (4 bytes before start, and remember for back order).
14. Save as patched_nk.bin.
15. Compress it to nk.bin.comp by "bincompress.exe /c nk.bin nk.bin.comp".
16. Flash scope, but kill infiniiVision process before.
17. Reboot scope.
I attach all tools here