mrexodia / TitanHide

Hiding kernel-driver for x86/x64.


Without using VT

qq909090376 opened this issue · comments

Without using VT, and with PG already bypassed, is it possible to monitor reads or writes to a particular kernel address, something like a hardware breakpoint,

in order to evade detection of SSDT hooks?

As far as I know no one who contributes to this repo speaks Chinese. So you'll have a better chance of success asking in English. That said, I ran your question through Google translate and here are some possible things you may or may not be asking, and my answers to them:

Is it possible to hook the SSDT without using virtualization?

Yes, but Patchguard will detect it.

Is it possible to hook the SSDT without using virtualization and without Patchguard detecting it?

Only if you disable Patchguard. In theory this can be done both 'live' (on a running system) and 'offline' (patching a kernel file and booting from that). While working 'live' Patchguard bypasses have been published in the past, and will probably continue to be, they tend to be short-lived as Microsoft patches them quickly. This is why the readme recommends an offline method such as UPGDSED.

Are there any plans to use virtualization to bypass Patchguard detection?

Not that I'm aware of. TH is an anti-anti-debugger that only happens to use rootkit mechanisms to hide its presence from user mode, because this is convenient and powerful. However, it is trivially detectable by free tools such as GMER, which have a kernel-mode component. True stealth (i.e. being a 'real' rootkit) is not a design goal; only avoiding detection by user-mode anti-debuggers is.
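The reason "Patchguard will detect it" above is that Patchguard periodically re-checks protected kernel structures, the SSDT among them, against a snapshot and bugchecks on a mismatch. The following user-mode model illustrates that mechanism. It is an added example, not TitanHide code and not Patchguard's actual algorithm: the two stand-in services, the two-entry dispatch table and the FNV-1a hash are all constructed here, and `integrity_init`/`integrity_check`/`install_hook`/`remove_hook`/`dispatch` are names chosen for this illustration.

```c
/* Added example (not TitanHide code): a user-mode model of why a
 * pointer-swap hook in a protected dispatch table is caught by a
 * periodic integrity check of the kind Patchguard runs over the SSDT.
 * Everything below (table, services, hash) is constructed for the demo. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef long (*svc_fn)(long arg);

/* Two stand-in "system services". */
static long svc_open(long arg)  { return arg + 1; }
static long svc_close(long arg) { return arg - 1; }

/* Model of a service descriptor table: an array of handler pointers. */
#define SVC_COUNT 2
static svc_fn service_table[SVC_COUNT] = { svc_open, svc_close };

/* Snapshot taken at "boot", before any third-party code could run. */
static uint64_t baseline_hash;

/* FNV-1a over the raw bytes of the table. A real checker would use a
 * keyed or cryptographic hash; FNV is enough for the model. */
static uint64_t hash_table(const svc_fn *table, size_t count)
{
    const unsigned char *p = (const unsigned char *)table;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < count * sizeof(svc_fn); i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

void integrity_init(void) { baseline_hash = hash_table(service_table, SVC_COUNT); }

/* Returns 1 if the table still matches the boot-time snapshot, 0 if not
 * (the point at which Patchguard would bugcheck, e.g. CRITICAL_STRUCTURE_CORRUPTION). */
int integrity_check(void) { return hash_table(service_table, SVC_COUNT) == baseline_hash; }

/* The hook: a classic SSDT-style pointer swap that passes through to the
 * original handler, so callers notice nothing. */
static svc_fn original_open;
static int hook_hits;

static long hooked_open(long arg)
{
    hook_hits++;                 /* observable side effect for the demo */
    return original_open(arg);
}

void install_hook(void)
{
    original_open = service_table[0];
    service_table[0] = hooked_open;
}

void remove_hook(void) { service_table[0] = original_open; }

long dispatch(int index, long arg) { return service_table[index](arg); }
int hook_hit_count(void) { return hook_hits; }

int main(void)
{
    integrity_init();
    printf("clean table:  check=%d\n", integrity_check());   /* 1 */
    install_hook();
    printf("hooked open:  dispatch(0,41)=%ld hits=%d\n", dispatch(0, 41), hook_hit_count());
    printf("hooked table: check=%d\n", integrity_check());   /* 0: detected */
    remove_hook();
    printf("restored:     check=%d\n", integrity_check());   /* 1 */
    return 0;
}
```

The hook is invisible to anything that only calls through the table (`dispatch` still returns the right value), which is exactly the user-mode view TitanHide cares about; it is the byte-level comparison against a trusted snapshot that exposes it, and that check runs in kernel mode where the hook cannot lie about the table's contents.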