From 955641580216b798508a2b14e1db420a7a18091d Mon Sep 17 00:00:00 2001
From: xerox <xerox@back.engineering>
Date: Thu, 5 Nov 2020 12:49:06 -0800
Subject: [PATCH] added a check to see if we already found the syscalls
 physical page

---
 VDM/vdm_ctx/vdm_ctx.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/VDM/vdm_ctx/vdm_ctx.cpp b/VDM/vdm_ctx/vdm_ctx.cpp
index 7499fb4..59e3be7 100644
--- a/VDM/vdm_ctx/vdm_ctx.cpp
+++ b/VDM/vdm_ctx/vdm_ctx.cpp
@@ -4,6 +4,10 @@ namespace vdm
 {
 	vdm_ctx::vdm_ctx()
 	{
+		// if we already found the syscall's physical page...
+		if (vdm::syscall_address.load())
+			return;
+
 		vdm::ntoskrnl = reinterpret_cast<std::uint8_t*>(
 			LoadLibraryExA("ntoskrnl.exe", NULL,
 				DONT_RESOLVE_DLL_REFERENCES));