The following is my understanding of the working principle of Bochspwn, I'm not sure if it's correct.

Bochspwn starts the virtual machine through Bochs, and then detects whether the user's actions (requiring manual operation) may trigger a Double Match vulnerability through libinstrument. a.