The DLL View
The DLL Context Menu
The DLL view shows the image file, DLLs, and data files mapped into the address space of the selected process. When you click the properties toolbar button or select Properties from the DLL menu Process Explorer opens a properties dialog for the DLL or mapped file that contains two tabs:
Image:
This page shows version information extracted from the image file and the full path of the image file.
Process Explorer checks for whether or not an image has been digitally signed by a certificate root authority trusted by the computer and displays the status of the check, which is either "Trusted" (signed), "Unsigned", or "Not Verified" (signature has not been checked). You can press the Verify button to have Process Explorer check the signature of an image that has not been verified. Note that the verification operation can result in Process Explorer contacting web sites to check for certificate validity. See the Verify Image Signatures option.
Malware, including viruses, spyware, and adware is often stored in a packed encrypted form on disk in order to attempt to hide the code it contains from antispyware and antivirus. Process Explorer uses a heuristic to determine if an image is packed and if it is changes the text above the full path display field to include "(Image is probably packed)".
Strings:
All printable strings of at least 3 characters in length display on this page. Image strings are read from the process image file on disk whereas Memory strings are read from the image's in-memory storage. Memory strings may be different than on-disk strings when an image uses a decompresses or decrypts when it loads into memory.
Highlight Relocated DLLs
When you select the Relocated DLLs entry in the Options|Configure Highlighting dialog any DLLs that are not loaded at their programmed base address show in yellow. DLLs that cannot load at their base address because other files are already mapped there are relocated by the loader, which consumes CPU and makes parts of the DLL that are modified as part of the relocation un-sharable.
Search Online Selecting this entry will result in Process Explorer launching the system's configured Internet browser and initiating an Internet search for the selected DLL's name.