Inject into the explorer.exe process (Frida script)
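/**
 * Frida agent helper: hooks the load address of one module that is already
 * mapped in the instrumented process and, when the hooked code returns,
 * replaces the return value with the load address of a second module.
 *
 * Despite the name, nothing is loaded into another process here: both lookups
 * only search the modules already present in the process Frida is attached to.
 *
 * @param {string} processName - Name of the module whose base address is hooked.
 * @param {string} dllName - Name of the module whose base address is written
 *   over the hooked code's return value.
 * @throws {Error} If processName is not loaded when the hook is installed.
 *   The onLeave callback separately throws an Error if dllName is not loaded
 *   at the time the hooked code returns.
 */
function injectProcess(processName, dllName) {
  var process = Process.findModuleByName(processName);
  // findModuleByName returns null for a module that is not loaded; fail with a
  // clear message instead of a TypeError on process.base.
  if (!process) {
    throw new Error(processName + " not found!");
  }

  // NOTE(review): process.base is the module's load address, not a named
  // function entry point; confirm that this is the intended hook target.
  Interceptor.attach(process.base, {
    onEnter: function (args) {
      // Overwrite the first argument with the constant pointer 0x1.
      args[0] = ptr("0x1");
      // Stored on the invocation context; nothing in onLeave reads it.
      this.args = args;
    },
    onLeave: function (retval) {
      // Process.enumerateModules() returns an array, so indexing it with a
      // module name always produced undefined and this callback always threw.
      // Look the module up by name instead.
      var module = Process.findModuleByName(dllName);
      if (!module) {
        throw new Error(dllName + " not found!");
      }
      // module.base is already a NativePointer, so no wrapper is needed.
      retval.replace(module.base);
    }
  });
}

// Runs as soon as the script is loaded into the instrumented process.
injectProcess("explorer.exe", "notepad.exe");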