The present invention relates to a method and apparatus for extracting Windows executable files, which use hardware-based session tracking and pattern matching technology to search a large quantity of network packets for patterns related to Windows executable files and to extract all of the packets that are part of the corresponding session. The method includes collecting input packets that have a payload according to the session of a reference packet having the MZ pattern, performing PE pattern matching on the collected input packets, and forming a PE file based on at least one input packet that satisfies the PE pattern matching.
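The flow described above, sketched in software as an added example (not code from the patent, which performs the tracking and matching in hardware). Assumptions: each packet is a `(session_key, seq, payload)` tuple with `seq` as the byte offset in the stream, and "PE pattern matching" is taken to mean `MZ` plus an `e_lfanew` field that points at `PE\0\0`; all function names and the sample traffic are constructed.

```python
import struct
from collections import defaultdict

def is_pe_at(stream, off):
    """PE pattern match: 'MZ' at off, and e_lfanew (at off+0x3C) points to 'PE\\0\\0'."""
    if stream[off:off + 2] != b"MZ" or off + 0x40 > len(stream):
        return False
    (e_lfanew,) = struct.unpack_from("<I", stream, off + 0x3C)
    sig = off + e_lfanew
    return stream[sig:sig + 4] == b"PE\x00\x00"

def reassemble(segments):
    """Join payloads in sequence order, stopping at the first gap or overlap."""
    stream, expected = bytearray(), min(segments)
    for seq in sorted(segments):
        if seq != expected:
            break
        stream += segments[seq]
        expected += len(segments[seq])
    return bytes(stream)

def extract_pe_files(packets):
    """packets: iterable of (session_key, seq, payload); returns {session_key: pe_bytes}."""
    sessions, flagged = defaultdict(dict), set()
    for key, seq, payload in packets:
        sessions[key].setdefault(seq, payload)   # session tracking; first copy wins on retransmit
        if b"MZ" in payload:
            flagged.add(key)                      # reference packet: mark the whole session
    found = {}
    for key in flagged:
        stream = reassemble(sessions[key])
        off = stream.find(b"MZ")
        while off != -1 and not is_pe_at(stream, off):
            off = stream.find(b"MZ", off + 1)     # stray 'MZ' bytes are common; keep scanning
        if off != -1:
            found[key] = stream[off:]             # carve from the validated header onward
    return found

def sample_packets():
    """Constructed input: one session carrying a header-only PE blob, one decoy with a stray 'MZ'."""
    pe = bytearray(256)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)        # e_lfanew -> offset of the PE signature
    pe[0x80:0x84] = b"PE\x00\x00"
    body = b"HTTP/1.1 200 OK\r\n\r\n" + bytes(pe)
    a = ("10.0.0.5", 80, "10.0.0.9", 50000, "tcp")
    b = ("10.0.0.5", 80, "10.0.0.7", 50001, "tcp")
    chunks = [(a, i, body[i:i + 100]) for i in (200, 100, 0)]   # delivered out of order
    return chunks + [(b, 0, b"see MZ in plain text")], a, bytes(pe)
```

An `MZ` signature split across two packets is not flagged by the per-packet check here; a production sensor would match on the reassembled stream or carry matcher state across segments.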