The door is open
vsyscalls are fast calls set up by the Linux kernel.
vsyscall supports 3 system calls (gettimeofday, time, getcpu). When the kernel boots up, it sets a permanent memory address with ring 3 permissions. The kernel stores the vsyscall address inside the CPU sysenter register.
I wrote a small tool which finds the _vsyscall and sysenter addresses using libdisasm.

IDTR stores the global descriptor table register. There is only one IDT (interrupt descriptor table) per processor.
During malware analysis, the challenge begins when using a virtual machine which utilizes VT technology. Modern malware can detect when it is running in a virtual environment by simply reading the SIDT value. Since the call does not generate any interrupt, the VM is not aware of the call and cannot alter the result. What is left to do is to compare the VM IDT and the real CPU IDT; if the results are different, the malware detects that it is being executed on a virtual machine and exits. To view an example, simply download the following small code.
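
For the analyst's side of the SIDT check described above, here is an added triage example (not the author's tool or code) that scans a raw x86 code blob for SIDT. It goes slightly beyond the text by also flagging the sibling store instructions from the same opcode groups. The function name, sample bytes and base address are constructed for illustration, and a byte-pattern match is a heuristic that a disassembler should confirm.

```python
# Added example: heuristic scan of raw x86 code for descriptor-table
# store instructions such as SIDT. Encodings follow the Intel SDM
# (0F 00 /r and 0F 01 /r). Sample bytes below are constructed.

# (second opcode byte, ModRM reg field) -> mnemonic, after the 0x0F escape
STORE_OPS = {
    (0x00, 0): "SLDT",
    (0x00, 1): "STR",
    (0x01, 0): "SGDT",
    (0x01, 1): "SIDT",
    (0x01, 4): "SMSW",
}
# SGDT/SIDT only exist with a memory operand; with mod == 3 the same
# bytes encode unrelated instructions (VMCALL, MONITOR, MWAIT, ...).
MEMORY_ONLY = {"SGDT", "SIDT"}


def find_table_stores(code: bytes, base: int = 0):
    """Return [(address, mnemonic)] for every candidate match in code."""
    hits = []
    for i in range(len(code) - 2):
        if code[i] != 0x0F:
            continue
        modrm = code[i + 2]
        mod, reg = modrm >> 6, (modrm >> 3) & 7
        name = STORE_OPS.get((code[i + 1], reg))
        if name is None:
            continue
        if mod == 3 and name in MEMORY_ONLY:
            continue  # register form: not a table store, skip it
        hits.append((base + i, name))
    return hits


# Constructed sample: push ebp; mov ebp,esp; sidt [ebp-8]; monitor;
# str ax; leave; ret
SAMPLE = bytes.fromhex("55 89 e5 0f 01 4d f8 0f 01 c8 0f 00 c8 c9 c3")

if __name__ == "__main__":
    # 0x401000 is a hypothetical load address for the sample
    for addr, name in find_table_stores(SAMPLE, base=0x401000):
        print(f"{addr:#x}: {name} candidate, confirm in a disassembler")
```

Because the scan does not track instruction boundaries, the same byte pattern inside data or in the middle of another instruction will also be reported.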