um as a reminder like all my other classes this one's licensed create of Commons it's public released it's available in my trans and public police board and um actually I was just going to throw this in there but um see I I did just make so the point of feeling them public police was to get other people to start teaching them so point is once you know this material good enough you know feel free to take it and teach other people in your department or section or whatever uh and so I do have the uh the slides and everything available online at open securitytraining doino and so that's going to be we're going to be grabbing uh other people's materials from other classes and just soliciting their volunteers from other people all right so uh first some credits uh for people who've contributed information in this class uh or helped review it like my life um but the point here is if you uh if you have any ideas if you you know bring up any questions that lead to uh new information that I had previously covered and stuff like that I'll uh credit you for for you know telling me stuff that I Incorporated to the slides so uh later on there's some material by Rong uh where he he pointed out that how how Google's a native client or medal uh browser protection software or browser plug-in protection software uh it uses some of the segmentation type stuff that we're going to learn about today and then Christina John's just in the intermediate class this year down in mle uh she pointed out uh some good information about how the bu descript table which we'll learn about later how that works on Linux and that sort of uh brought up a good point about how it probably works on Windows as well I haven't got around to comping it yet but uh when I get there I'll point this out I haven't uh put that into the SL so uh at the beginning as usual we're going to go around the room introduce ourselves it's less for me because I know most of the people who Tak the classes it's more for introducing yourselves to the other students obviously if you're all in the same class you all have some common interest in this so probably good to know who else has common interest throughout a lot of you have but um but kind of the point with uh this class is that we are trying to build up so the point was we know that we have lots of people who want to do Mal analysis reverse engineering so actually separated Mal reverse engineering because for instance I do reverse engineering on you know the kernel for instance but there's a world of difference between reverse engineering just some regular compiler generated code and reverse engineering malware which is actually trying to screw with you so I think those are sort of two different things but the point was we knew that there's people who need to know these sort of skills exp engineering and so this class is going to get you farther you know it shows some I think in a newer version of this I have a you know recommended line yeah so anyways the point is there's a lot of stuff you need to know in order to get to those final States this is trying to give you a more uh gradual transition there and so the more of the of the blue stuff you know the the easier it is to go to the Future ones yeah and actually I I didn't uh this this is an old slide so actually reverse engineering is approved right it's going to be approved this will be in um in so that is approved actually and vulnerability and exploits is approved as well Cory is going to teach that in uh first week of June but yes Mal analysis trying to Target for next fall or something fall winter some depends on again math schedule uh and advanced x86 probably maybe winter maybe spring next year but that's all I'm going to be teaching next year so the all the ones that are currently blue will be on video available next year I think on the reverse engineering and vulnerability exploits because they're new instructors they're not NE really going to have videos on those this year oh that's a good point rot kits I haven't offered yet but that is going to be um first week of April I believe and maybe third week of April and life binaries is one that we already offered all right I think we got everyone for introductions so uh we're really you know compared to some things like life for binaries where we were trying to hit like a ton of things ostensively we're only covering a few topics here but we're covering them very deep so there's a lot of information so part one is going to be segmentation which is memory segmentation it's how x86 Can U Can Chunk Up memory and say that you know here's one memory segment and it's code and here's one seg segment and it's uh you know data that sort of thing uh paging is how they go finer granularity than memory segments memory segments can apply just to actual physical memory like sort of one to one paging is when you start having virtual memory uh and so we'll get into that later interrupts oh and I should say that segmentation actually the reason we're doing it first is because segmentation kind of underlies everything else so you'll see the effects of segmentation on paging later you'll see the effects on interrupts and maybe debugging not so much debugging kind of but not not really so at the very end we're going to start getting into the stuff which is uh definitely so the first three are sort of of uh for instance for the malare analyst type people the first three are things which are good for you know understanding the system good for reversing Kel malware and stuff like that and then the part four is uh going to be some of the very practical stuff about you know understanding how your tools work understanding how debugging Works input output and miscellaneous speaking of miscellaneous uh if you have questions you need to ask them right away this is definitely again one of those classes where we're just really hammering on content so if you get lost and if you don't ask questions and reiterate your understanding and say okay so wait was that again The Logical address goes to line your address how blah blah blah right so there's going to be lots of terms and all that so definitely please ask your questions when you have them people on the phone just you know shout out interrupt I'm not going to get offended um and yeah if you're checking the web and uh you know reading emailing class that's a great way to get lost I definitely in when we have you know full classes I always see one or two people who you know they're they're so busy they got to keep checking their email uh they get lost and and they take it multiple years in a row so how we're going to be um how we're going to be doing this since uh this seems to be working right now the first uh two hours we're going to go 2 hours while I have your attention while you have energy Etc 2 hours 10 minute break and then it's another two I think it's 2 hours 10-minute break and then 1 and 1/2 hours and then lunch and then after lunch you'll be falling asleep please eat a light lunch so that you don't fall asleep but after lunch we'll take a break every hour 5 minutes all right so the basic scope of the class like the intro X 861 is that um we're only talking 32-bit stuff not 64-bit and or not 16 bit as well I think in the advanced xa6 we're going to take this back and learn some 16 bit because that's relevant for bios and some 64-bit as well just for purposes of explaining what all is there um I'm not going to deal with floating Point stuff again you don't really see that that much unless you're analyzing you know 3D drivers or something like that and so really this class unlike the intro class where the point of it was to get you the basic instruction so that if you read you know small Snippets of assembly you're comfortable with them this one is going to focus more on the underlying architectural issues that uh could potentially uh have effects when you're analyzing things there will be a few new instructions but uh they're really just some of them are just thrown in because they are other things that you may see in the wild and it's relevant for you to know so the main thing I'm hoping you get out of this class is a better understanding of how OS is used the x86 architecture so we're focusing on Windows in here but really everything we're learning relates directly over to Linux type things you know there may be differences in implementation but fundamentally os's and virtualization systems uh they both work with what they've got and what they've got is whatever Intel gives them so they only have whatever capabilities are exposed by the hardware and so knowing those capabilities means you can look at this OS and that OS and you know on both of them you know how the interupts are working you know on both of them oh you know they're using or not using segmentation Etc um and especially since you know we're coming at it from my own security while while these classes are you know supposedly meant to be you know generic and uh help you know developers and security people and everything mostly I've only been getting interest from the security people so we at this point we just Abandon All context of generic and most of our examples are security examples so uh it's especially good to know where the hardware is actually exporting the security how the hardware is enforcing the security rather and yeah just to get you curious and want to keep digging in more for whatever uh I don't really cover to your satisfaction all right so before we begin we're going to do a little quick quiz on uh the instructions that we learned in the previous class so uh Matt what's that first one no nothing um add something something I can't remember yeah you know I was going to ask what the anyone else remember what the underlying uh instruction actually is for no so we said that's actually a no it's you know no up is a neonic but in reality the hardware is doing a particular one yes is it adding to the next conru no it does do that I mean it obviously just it it skips it and it goes you know one instruction forward but did you have a guess one of the operators I can't remember is not one of the arithmetic operators how about anyone on the phone except for oh there we go just no Jessica's wrong uh anyone else have remember what the underlying thing with noop is remember the only reason we covered it is because generally people who know x86 have never looked up the manual page for noop and they don't know this little bit of trivia isn't it exchange ex ex ex that is correct who is that Adam yeah all right good yes it's exchange eax eax so take a register and you exchange it in the register which is itself and therefore it does nothing all right good job how about all right P your pop yep so what are the side effects of of adding the value to a stack and removing it side effects in terms of changes to registers yep so remember that uh the stack grows towards low addresses so on pushes you're putting something on the stack you're moving the ESP lower so it's decremented and when you pop something off the stack you're taking it back off the stack is getting smaller but it goes towards positive addresses and so it's incremented all right uh call and return you uh resetting the EVP to the appropriate place and then jumping into the right code not you're thinking definitely of the exit sequence but that exit sequence is typically uh multiple instructions or uh some other instruction which is on the slide but uh no or can you find the other instruction which is the thing which actually replaces the restores the EVP that's actually the leave instruction at the very bottom so the leave instruction we had said was actually kind of like two instructions we typically see at the very end of the code it takes it takes and it uh moves ESP to EBP or moves EBP to ESP rather which like we said if you take EBP is always stored at the top of the stack frame and ESP is down here you know growing and shrinking or whatever and we said if you take ESP and you put in the address of EBP you're setting ESP back up here and it basically is wiping out all of your local variables you're it back to the very beginning of the stack frame and then it also does pop EVP which says you know the stack frame is usually pointing at a saved EBP for the previous stack frame because there're that sort of linked list of Stack frames and so it does pop EBP and then you're now EBP is pointing at the next stack frame and so typically you would see a return after that but then the question is what does the return actually do after you've done a leave so you were on the right track before okay so you'd said it goes back to where it's supposed to right so the return is actually it assumes that whatever's on the top of the stack that's a saved instruction pointer and it just basically pops it off and sets the instruction pointer to that so uh basically when you call something the side effect is call instructions push the address of the next instruction onto the stack and when you return it's taking that thing which the call had saved there and popping it off the second and going to the instruction after the call instruction basically yep all right uh Reed move in Lea sure so move lets you take a value in one register and move it into another register yeah what were the three forms of move so you can do register of register you can do uh memory address to register I think you can also do interpret about you can do immediate to register as well can't you yes I think for the memory address it's actually you have to have the address stored in a register and you the command to that address exactly you're thinking of the square brackets and we said last time per convention in Intel syntax square brackets mean go to memory at that location so you said store memory address into register it's actually store the contents of memory into the register so you take the address in the EA you go to memory at that address put it in the register or take a register and put it in memory so yeah there were actually four forms memory to register sorry register register memory to register register to memory and immediate to register remember immediate was basically a constant which is just hardcoded into the instruction scen so if you say move X beef to eax you have the move instruction op codes and then you have hex be in line and then what about Lea what was the difference with Lea versus move first of all what does it stand for remember right Ariel else all right yep I think that was Jessica load effective address all right and so therefore Jessica what was the difference between um what was the difference between Ela and move in particular we said there was a difference in convention but you know what does that mean I'm guessing I admit it but I think it's that we when we Lea were dealing with the address removing the address around move actually moves the value correct yes so we said Lea was that one exception to that quasi rule which we were saying if you see square brackets that means go to memory whether it's move instruction add instruction pop instruction if there's angle bracket if there's square brackets around you know something the instruction is saying go to treat whatever's inside the square brackets as the memory address go to memory and then you know move that or pop it or add it whatever with Lea we said in that case since it's load effective address it's more like you're doing maybe pointer arithmetic or something like that and so you're saying you know take whatever's inside maybe you do that complex you know eax + 4 * ebx plus you know 32 something that maybe you're doing a complex statement like that but the stuff inside the square brackets is just ultimately treated as an address and move the result is moved in and you're not actually going to mem of that location so yep that's correct add and subtract or just add and subtract right but um the only thing I would say is if we remember the bill over to the board just as a reminder in terms of Intel versus AT&T syntax if we doing add eax it evx you know how do we interpret this what's going where it's actually e ax = e ax plus ebx right and it's actually the exact opposite of that on AT&T syntax but we'll not worry about that right so AT&T syntax flips stuff around destination all right how about uh someone on the phone uh jump and JCC what are those two so first jump all right Cory is saying jump changes EIP to the specified address after the uh jump so what are the different forms of jump Cory we didn't actually learn this in last class but we'll see yep so far short jump depending on how far the address is away so there he's saying there were different forms of jump one of them will maybe use just one bite in order to say there's some address that's you know within plus or minus well whether it's in plus 128 or minus 127 bytes away it can jump It's I would say those are jump relative things so there's jump relative things which say wherever I am currently take the next address and add or subtract however many B and that can be a one one B uh offset or it can be a 4 by so that would be far or short uh what else do an absolute yep you can do an absolute jump so that's saying you know I'm just specifying here's the exact address I want to go to right now and Cory is saying one more thing yep so that's what Ariel just said dead beef can be you know an absolute thing and uh and then actually I would say there's also uh there's indirect absolute for instance there's absolute absolute where you're like putting an immediate and then there's indirect where you're saying you know here's eax and I want to jump to wherever e is pointing and then there's actually an inter segment jump which we definitely didn't learn last time but once we learn about segmentation today I'll maybe remember to come back but it's just saying all those other jumps are within the same segment memory segment so you got chunk of memory and it's all just bouncing around inside there are actually other jumps which bounce you out to some other segment so for what it's worth all right how about uh JCC someone else on the phone uh do you remember what uh what the point of that that JCC pneumonic was we don't actually see instructions called JCC but uh but what was that trying to imp all right yep so David said it's jump conditional so the CC was conditioning code so give me some examples of different conditional jumps that we had seen yep j& e that was jump if not equal to right that was also called j and z so the issue with those conditional ones is they have typically like two names so you can say JUMP if not equal or you can say JUMP if not zero because it turns out equality is just measured with the zero flag so in that e Flags register we said there's a bunch of different little one bit fields which get set automatically on every single instruction if they modify e Flags they're always going to set those and so jump not zero jump not equal it's really up to you to determine whe which makes more sense to you same thing with you know you can say something is Jump less than or you can say JUMP not greater than or equal to right so there's a whole there's like whatever four pages worth of jumps if you ever want to look it up I usually try not toh care about the what condition flags are set I just use some simple ones like not zero and if it's anything more non obvious than that like jump below or equal where I'm trying to remember what is below versus less than because one signed and one's unsigned I usually just go consult the manual or just step over the instruction and see where it went and say oh okay that's what it was checking all right uh compare and test who else do we have that took the last class let seeing anyone else but does anyone know on the phone what the compare and Test instructions are equivalent to uh we said that in reality there were like compare is like one instruction but it throws the result away and just sets the flags test is like another instruction and it just throws the result away and sets the flags all right so we got Adam buzzing in and Le Consulting is manual out of sight yes compare instruction is like sub instruction so it's like a subtract it takes you know the if if that ad was ax ebx we had sub or sorry if we had compare eax ebx we would take eax minus ebx and then it would just set the flags based on that so it's like if they were both the same thing right it would be a minus a equals z so you know the zero flag would be set or something like that right so compare is just a sub what about uh the test instruction anyone remember what that is how about anyone in the room a what and correct yes it is an and instruction there we go Jessica got it as well so test is just an and instruction so you do logical and bitwise you just take all the things if one and one one all that sort of thing if you add zero and zero then you would have or zero and anything you're going to have zero result zero FL would be set Etc all right good getting everything and or X or not just you know those are just your standard logical operations what about this shr shl s s yeah shift and I believe that shrl move the bits and and apply Zer the other one rotates and not quite but close yes so she said yeah correct these are the shift operations and they're bit shifts where you're taking you know some bit and you're moving them left or you're moving them right and then there was this difference between logical shifts and arithmetic shift bill can we go over to the board so she was close it wasn't quite a rotate where you would assume one bit falls off one side and Pops around to the other side it's close well it's not it's not quite like that so how it works is let's say I have uh P ax equals you know 12 or something like that so that' be 84 0 0 0 right so that's 12 I'm just going to pretend on a 4 bit thing here if I was going to do a uh if I took that and I did shift let's see let's two left uh you know two the two specifies how many bits to shift the L for left shifts that way and so in this case I basically take each of these bits and move them left by two so this would it you pretend it's doing it like one at a time and so it would go 0 0 0 1 and then it would go 0 0 0 0 and uh and here you can see that essentially when we're shifting everything over each time we feel the least significant bid in with zero now this is actually the case always for left shifts whether it's logical or arithmetic that's sort of the uh the redundancy I don't know how you want to say it but there's two instructions for but in reality they're they're both doing the same thing here any left shift whether shift arithmetic left or shift logical left it goes that way the is issue is when you're shifting right this is where the difference between logical and arithmetic is so if I have 1 1 0 0 and I do a shift logical right by let's say two bits what I would expect is it would go 0 1 1 0 and then 0 0 1 1 right so this basically fills in again Zer at the most significant bit now that's fine when you're dealing with unsigned numbers but if we recall with signed numbers the the way that we break up the memory space is that there's always one in the most significant bit of signed numbers and so therefore if you're doing this and if this is you know not actually positive 12 but this is in reality whatever it is negative thinking3 -4 all right so if this were actually -3 and you're shifting uh right by one bit which we know that shifting right is sort of like dividing by two shifting left is sort of like multiplying by two for every bit that you're moving one way or the other you don't want it to be the case that when you uh when you're that right don't you add you're right you're adding one but that was let's see oh that's Nega one there we go it4 yeah I was like that doesn't work yeah that was1 that was -2 that was 34 so sorry this is4 the point is when you're shifting right but you're ne4 you don't want it to like you want it to be divided by two right if I shift it by one I want -4 to turn into -2 but we're going to change this to a shift one now if we do a shift arithmetic left or right rather you shift the arithmetic right by one and this was the -4 you want it to be like this it goes 1 1 1 0 which as we said over here is -2 so everything works out in that case because we've always put a one in for the most significant bet when we're doing an arithmetic right shift so that was again the difference between logical and arithmetic typically logical can be used for unsigned numbers arithmetic has to be used for sign numbers if you go back to the example six in the intro class we had that one case where we just had we're doing multiply and divide and the compiler turned it into shifts but if you change the variables from unsigned to sign all of a sudden you get much more complex things that deal with arithmetics so does it actually always put the one in or does it put in whatever the most signicant yes sorry yes that was uh I Mis explain that in reality it always puts in whatever at the time of the shift whatever the most significant bit was it always puts that in so if this were some positive number like you know 01 one1 right you don't want it like automatically adding a one because then it just completely change it right so in this case it would go 0 01 one and everything would still work out in positive land yes thank you all right so that was the shifts uh how about IMO and div uh does anyone remember uh what was going on with those what they are and maybe a little bit about why we saw imol but not Mo and yes as William said for those shifts one you always use for for sign anyone on the phone remember imol versus div I mean should be obvious basically what they are anyone shout out what you think they are yes what's IMO multiply yes what kind of multiply that's what you're not remember signed multiply yes I believe it is assigned multiply but even I'm forgetting that so there you go uh so if that's a sign multiply then uh the div is an unsigned divide the issue we had in the intro class was that uh for well it's not for whatever reason we eventually found the reason someone found the reason and I forget that as well uh Visual Studio very much prefers the imall over the mall so it always wants to use that I believe is signed multiply but we can check quick because we still have the intro x86 slides on the desktop right there we go oh maybe we don't we don't have the slides we just have the code so let's look at the manual rtfm yo M yes sign multiply there we go for whatever reason Visual Studio loves the uh the multiply and if we had our intro slides we would know why but I don't recall that in the all right and then finally uh rep St and rep move um well I think the reason we saw it in in last class was imol is a very special Little Instruction because it's like the only x86 instruction that has where is that yeah it's the only X6 instruction that takes like three Arguments for whatever reason they have a three argument form so let's see here take your destination is a 32 is a register you got a 32-bit register you've got an RM 32 which we said in the previous class can be that complex instru expression with the square brackets where it's you know e it's base plus uh scale time index time scale plus displacement right so that can be specifying some sort of memory address but then you can also be adding in another immediate 32 in here so uh the reason we saw it was because of that type of instruction as for what it does uh that a mole doesn't do I don't remember again sorry I'd have to go check the slides I'll check them at break and I'll come back with an answer to that all right so rep STS and rep move anyone in here remember what the rep STS did saw towards the end it was one of the last instructions it repeats something all right how about anyone on the phone what is rep repeating what sort of action is it taking all right Jessica's chumming in well Cory's taking over the lead oh no she already said it yes repeat store string okay so we saw like these two examples of repeat and they both sort of had a similar mechanism where they were setting up some registers and doing something repeatedly so Jessica do you remember what registers uh repto was setting and uh and that essentially tells you you know what sort of storing it's doing like Cory's answer or some kind of stream operation kind of pH stream operation all right so yes she's right that all the rep instructions use the uh yeah X register are you like quoting me from the air there or are you quoting me from the slides there yeah that's what I thought all right so I'm just going to say what that does then cheater rep St was repeat stor string stor string uh over to the board Bill and specifically we had seen it when we were looking at some Visual Studio code where we didn't turn off the uh one of its sanity check type uh one of its sanity check options where it was checking the stack in order to look for corruption not in a security way not like your GS stack hookie or anything it was just trying to sanity check that there is nothing corrupt on the stack uh and so repas bace there uh it basically sets you know eax equals count and that's the count of how many times you want to do the certain operation so this will be either copying one bite or four bytes at a time and the ECX is the count so basically the instruction does this you know uh this store store stuff does the store once decrements ECX does it again decrements ECX so ECX keeps going down and this instruction stops whenever ECX equals z then it goes ahead and moves on to the next instruction the other thing it had was uh EDI equal to the destination destination right so wherever it's storing to to this is wherever it's going to be storing to so again it's either storing one b or four bytes at a time and so if it's storing one B it takes EDI and it's saying you know write one bite here and then move EDI increment EDI by one by increment EDI by one by increment EDI by one B if it's doing a 4 by thing it increments EDI by 4 bytes each time so write four bytes plus 4 bytes right four bytes plus 4 bytes so keep in mind these are different ECX doesn't care what the size of the in the operation is it just decrements by one every time that's a count of how many times to do it and EDI it'll increment by whatever the size is because you're not obviously going to be wanting you know if you're writing one bite you want to write one bite like that if you're writing four bytes you want to write like that right you don't want to be writing four bytes like that and then four B like that and then four byes like that maybe you do but you're not so uh finally the discriminator here with rep St was eax equals eax or let's call this parentheses around eax and actually that even doesn't work it's either Al l or E ax is the data to write at one or four bytes at a time his question was are those set up in previous instructions and yes anytime you see a rep St you expect like pretty much immediately preceding them there's going to be some move something to ECX there's going to be some move something to EDI move something to eax or they maybe move it to eax but it'll only be actually using the AL part of it the lower remember we said uh for our general purpose registers for at least four of them they can be broken up like ax ax and then a high and a low so there's one bite a low there's one bite a high there's an ax for the entire thing and there's extended ax for all that right so those get set up the immediately before the instruction and then you say go ahead repas go and in reality this repas is going to look more like you know repos DS which you don't know yet but that's a segment uh register DS EDI or something like that and so it's really just saying EDI you know right four byes right B and it's going to do this ECX number of times storing to EDI incrementing each time as it goes storing whatever is in the ax ECX now having said that does anyone remember what the difference is with rep movees now we saw rep move s when we were searching we were searching for it and where we were searching was in a M Copy we were looking at the M Copy Library code in uh visual Studios runtime C library we dug into mem copy and we kept stepping into it until we eventually hit a rep mve so the question is if rep mve is like a M Copy how was it different from this ECA or rep St does anyone remember that anyone on the phone or's taking a shot all right it comes the value I'm filling in instead of coming from eax is coming from memory as well where in memory as well is it coming from for yesi that's correct so in rep move us that's the same that's the same but now this is ESI which is the source right so we're taking from source and we're going to go from memory we're going to say take from Source copy two death EDI and copy ECX number of times and you know whatever size it is based on this I probably didn't put in here as well but in Intel syntax you'll maybe see something like white pointer or like BW pointer that'll tell you what size it's actually doing in reality if we go fast in this class we'll get to instruction size prefixes and stuff like that at the end and then we'll be able to figure out by looking at the actual op codes whether it's one or four bytes and stuff like that but similarly over here you have rep move s uh you know B pointer or dword pointer and then it's going to be doing something like DS uh EDI and Es ESI it's saying from source to destination right we're copying from the right to left as with all inel syntax things go to memory at ESI grab out a chunk of memory 1 or 4 by big copy it to memory at EDI 1 or 4 by big do it e PCX number of times no matter what the size is so this is for instance yes uh Jessica's got a question in the chat okay would you see this anywhere else but mem copy um you would potentially I mean if you're writing your own mem copy you would do this if you go back to the life of binaries class when I was writing the virus example uh I used a rep move in order to copy the virus into uh the memory space of like some buffer which gets written so the virus copies itself so it points at its own code copies its own code out to uh the buffer which gets written to the end of appended to the infected file um generally speaking I would say that mem Copy Type places are the most you're going to really see this other than uh inline assembly that people are writing that's my own impression I don't know if that's I can't back that up with any numbers so but yeah basically that's where I would expect it to see the most and then Mike did you have a question or comment like maybe all right well he's typing I'm going to finish this off and then leave instruction we said before leave was really those two instructions combined move EVP to ESP pop EVP yes question so on the example up there on the ref store Us Al would indicate a one B move ex the other instruction how would you indicate a one B move well that's really it it ends up being it's actually behind the scenes in the op codes and prefixes which are used on the op codes so the only way you can tell by looking at the instruction is whether there's a bite pointer included in the actual assembly that you're looking at it'll either say rep move s bite pointer DS and then you'll know it's copying bite at a time or it'll say dword pointer and you'll know it's copying four byes at a time that's how and in AT&T syntax it's a little different I think they may have move SD or move SB or something yeah definitely have like move SB so let's see what Mike is saying all right so Mike was asking if copying from one memory location to another isn't there a more efficient way to copy does this Force the mem copy to copy all data through the CPU yeah so if he's going if he's uh Mike if you're getting for the point of you know something like dma right so dma is direct uh memory access and so if you know peripherals or something need to move big chunks of memory around the whole point of dma is to cut the CPU out of the loop it just like it can just Access Memory directly and copy it to wherever wherever else in memory it wants to but yes in answer to this question this does go through the CPU right if you're doing a r move s it's the CPU going out and talking to memory and say dear memory bus you know give me this value and then I want to go put that in there give me that value and I want to go put right there so it's definitely mediated by the CPU in this case but if you were using something like dma that would not be the case all right that was it for our review any other questions on the instructions that we learned in the intro class all righty now I was going to quiz you but I I ran