Quick question. I checked the notepad++ application. It found some problems, for example:
[+] C:\Notepad++\dbghelp.dll --> DLL Hijack Successful [Entry Point Not Found - Manual Analysis Required]
[+] C:\Notepad++\MSASN1.dll --> DLL Hijack Successful
However, when I tried the same attack by clicking Notepad++ executable, or running it from cmd.exe, the 'vulnerable' DLL was always ignored. I am wondering why this happens. I can see the notepad++ behaviour (for example: errors when Entry Point was not found) when your tool is running, but when I try to execute notepad++ nothing happens.
Does your tool start an application is some specific way? How I can simulate this easily?