Finally figured out a workable solution.
I wiped the 100mb Win7 system partition, & replaced it up with grub4dos. grub4dos does the same job as the Win7 boot menu - but it can be written in a way that doesn't require any user interaction:
#Don't show this menu to the user
timeout 0
#First try to load the encrypted OS. If that fails...
default 0
#...Fallback on the unencrypted
fallback 1
#Main OS
title 1
root (hd0,1)
chainloader /bootmgr
#Decoy OS
title 2
root (hd0,2)
chainloader /bootmgr
So what happens is, the VeraCrypt bootloader appears. Whether you type your password or press ESC, it will load the grub menu & trytry to boot the encrypted OS.
->If *If you actually typed your password, the encrypted OS will be available and will successfully boot. ->If
*If you pressed ESC, the encrypted OS will fail to boot and grub will fallback on the unencrypted.
So to the user, everything is invisible & automatic, and it essentially behaves the same as the two hard-drivedisk situation :)