wlmx009

Does the SSDT address change?

Original post
Posted: 2007-04-05 12:15
typedef struct _SRVTABLE {
    unsigned int *ServiceTableBase;
    unsigned int *ServiceCounterTableBase;
    unsigned int NumberOfServices;
    unsigned char *ParamTableBase;
} SRVTABLE, *PSRVTABLE;

//
// Pointer to the image of the system service table
//
extern PSRVTABLE KeServiceDescriptorTable;
When I look at the address of KeServiceDescriptorTable, it changes every time, although what the address points to is correct.
nt!RtlpBreakWithStatusInstruction:
80527da8 cc              int     3
kd> dd KeServiceDescriptorTable
80553180  80502030 00000000 0000011c 805024a4
80553190  00000000 00000000 00000000 00000000
805531a0  00000000 00000000 00000000 00000000
805531b0  00000000 00000000 00000000 00000000
805531c0  00002710 bf80da45 00000000 00000000
805531d0  f9e79a80 8164d860 81641a90 806e0f40
805531e0  00000000 00000000 00000000 00000000
805531f0  5bc52540 01c77734 00000000 00000000
kd> dd fa031984
fa031984  80553180 80510c82 80596542 805449e6
fa031994  80545080 804f158c 80569140 8052af2c
fa0319a4  805a17a6 8059d2c6 804eee90 80568dcc
fa0319b4  8056a9e0 80536010 00000000 00000000
fa0319c4  46146f21 00000000 00000002 0000003d
fa0319d4  000009ec 000009ec 00000000 ffffffff
fa0319e4  fa031468 fa03146c 53445352 2ada980a
fa0319f4  4dad7ad4 303b378f 0a07d4ca 0000000c
kd> dd 80553180
80553180  80502030 00000000 0000011c 805024a4
80553190  00000000 00000000 00000000 00000000
805531a0  00000000 00000000 00000000 00000000
805531b0  00000000 00000000 00000000 00000000
805531c0  00002710 bf80da45 00000000 00000000
805531d0  f9e79a80 8164d860 81641a90 806e0f40
805531e0  00000000 00000000 00000000 00000000
805531f0  5bc52540 01c77734 00000000 00000000
kd> g
KeServiceDescriptorTable=f9fea984
找GetAddrssofShadowTable找到GetAddrssofShadowTablewatchdog!WdUpdateRecoveryState: Recovery enabled.
Break instruction exception - code 80000003 (first chance)
*******************************************************************************
*                                                                             *
*   You are seeing this message because you pressed either                    *
*       CTRL+C (if you run kd.exe) or,                                        *
*       CTRL+BREAK (if you run WinDBG),                                       *
*   on your debugger machine's keyboard.                                      *
*                                                                             *
*                   THIS IS NOT A BUG OR A SYSTEM CRASH                       *
*                                                                             *
* If you did not intend to break into the debugger, press the "g" key, then   *
* press the "Enter" key now.  This message might immediately reappear.  If it *
* does, press "g" and "Enter" again.                                          *
*                                                                             *
*******************************************************************************
nt!RtlpBreakWithStatusInstruction:
80527da8 cc              int     3
kd> dd f9fea984
f9fea984  80553180 80510c82 80596542 805449e6
f9fea994  80545080 804f158c 80569140 8052af2c
f9fea9a4  805a17a6 8059d2c6 804eee90 80568dcc
f9fea9b4  8056a9e0 80536010 00000000 00000000
f9fea9c4  461473ff 00000000 00000002 0000003d
f9fea9d4  000009ec 000009ec 00000000 ffffffff
f9fea9e4  f9fea4a9 f9fea4ad 53445352 2ada980a
f9fea9f4  4dad7ad4 303b378f 0a07d4ca 0000000d
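
Added example (not part of the original posts): a short Python script that parses `dd` rows copied from the dumps above, decodes the four dwords at 80553180 with the SRVTABLE layout from the post, and checks that the two different addresses shown for KeServiceDescriptorTable (fa031984 and f9fea984) both hold the same pointer. The function names are made up for this illustration, and 4-byte fields are assumed because the dumps come from a 32-bit target.

```python
import re

# Lines copied from the kd output in the post (two separate driver loads).
DUMP = """\
nt!RtlpBreakWithStatusInstruction:
80527da8 cc              int     3
kd> dd KeServiceDescriptorTable
80553180  80502030 00000000 0000011c 805024a4
kd> dd fa031984
fa031984  80553180 80510c82 80596542 805449e6
kd> dd f9fea984
f9fea984  80553180 80510c82 80596542 805449e6
"""

# A dd row is an 8-digit address followed only by 8-digit hex dwords.
ROW = re.compile(r"^([0-9a-f]{8})((?:\s+[0-9a-f]{8})+)$", re.I)

def parse_dd(text):
    """Map each dumped address to its dword; prompts and disassembly are skipped."""
    mem = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        base = int(m.group(1), 16)
        for i, word in enumerate(m.group(2).split()):
            mem[base + 4 * i] = int(word, 16)
    return mem

def read_srvtable(mem, addr):
    """Decode four consecutive dwords at addr using the post's SRVTABLE field order."""
    names = ("ServiceTableBase", "ServiceCounterTableBase",
             "NumberOfServices", "ParamTableBase")
    return {name: mem[addr + 4 * i] for i, name in enumerate(names)}

def resolve(mem, slot):
    """Follow the pointer stored at `slot` and decode the table it targets."""
    target = mem[slot]
    return target, read_srvtable(mem, target)

MEM = parse_dd(DUMP)

if __name__ == "__main__":
    for slot in (0xFA031984, 0xF9FEA984):
        target, table = resolve(MEM, slot)
        fields = ", ".join(f"{k}={v:08x}" for k, v in table.items())
        print(f"slot {slot:08x} -> table {target:08x}: {fields}")
```
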
wlmx009
Reply #1
Posted: 2007-04-05 12:23
I got confused, sorry. So stupid of me.