#3
08-19-2004, 13:16
drocon
Quote:
Originally Posted by jov
I think that for real hooking you will need to write a ring0 driver. This ring3 hooking with DLL injection is not a reliable enough technique.
It's reliable enough, and KMDs are NT-only (and if you combine some sort of VXD/KMD stuff in one app, it will look ugly :/ ). IAT-hooking is sufficient for the average job, but you need to watch out for some annoying pitfalls, like patching LoadLibrary()/GetProcAddress(), but even then an app could dynamically obtain an API address by enumerating EATs, so that's where EAT-hooking comes in.

As for reliability, it's simply best to allocate a buffer of, say, 20 bytes of NOPs and a jmp, use an LDE, scan the first few instructions until the length you have scanned exceeds 6 (push dword / retn; it must be direct, not relative, so it can be hooked again), copy those instructions into your empty buffer, patch the entrypoint, repair the empty jump in the buffer, and that shall act as a stub your hooking procedure calls to return to the original function. I, personally, think this is the most reliable way out there.

As for DLL injection, open a process, retrieve its threads, use OpenThread() to convert dwThreadID to hThread, SuspendThread(), GetThreadContext(), alter EIP, SetThreadContext(), and inject a CreateThread() call, then resume the thread.

OpenThread() is "officially" only available on NT, but there are plenty of undocumented ways to achieve the same.

OK, just my 2 cents.
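Editor's added example (not drocon's code, and not from any hooking library) of the trampoline stub described in the post: an LDE walks whole instructions at the target's entry until at least 6 bytes are covered (room for push dword / retn), those bytes are copied into a NOP-filled buffer, and an absolute push/ret back to target+n is appended so the hook can call the stub as the original function. The LDE here is a hypothetical, deliberately tiny one that only knows common Win32 prologue opcodes; it returns 0 for anything it does not know and for relative call/jmp/jcc, which cannot be copied without relocation, so the hook refuses instead of guessing. The prologue bytes and the addresses TARGET_VA and HOOK_VA are constructed for the demo; the code only builds the byte sequences and does not write into a live process.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical minimal x86-32 length decoder (LDE): covers only the opcodes that
 * typically open a Win32 API prologue. A real LDE handles the full opcode map,
 * prefixes, ModRM/SIB and displacements. Returns the instruction length, or 0
 * when the instruction is unknown or uses a relative operand (E8/E9/EB/7x),
 * which must not be copied into a stub without relocation. */
static size_t lde_x86(const uint8_t *p)
{
    uint8_t op = p[0];
    if (op == 0x90) return 1;                                    /* nop */
    if (op >= 0x50 && op <= 0x5F) return 1;                      /* push/pop r32 */
    if (op == 0x8B && (p[1] == 0xFF || p[1] == 0xEC)) return 2;  /* mov edi,edi ; mov ebp,esp */
    if (op == 0x89 && p[1] == 0xE5) return 2;                    /* mov ebp,esp (alt encoding) */
    if (op == 0x83 && (p[1] >> 6) == 3) return 3;                /* add/sub/and r32, imm8 */
    if (op == 0x81 && (p[1] >> 6) == 3) return 6;                /* add/sub/and r32, imm32 */
    if (op >= 0xB8 && op <= 0xBF) return 5;                      /* mov r32, imm32 */
    if (op == 0x6A) return 2;                                    /* push imm8 */
    if (op == 0x68) return 5;                                    /* push imm32 */
    return 0;                                                    /* unknown or relative: refuse */
}

static void put_le32(uint8_t *dst, uint32_t v)
{
    dst[0] = (uint8_t)v;         dst[1] = (uint8_t)(v >> 8);
    dst[2] = (uint8_t)(v >> 16); dst[3] = (uint8_t)(v >> 24);
}

/* 6-byte absolute transfer "push imm32 ; ret". Used for the entrypoint patch
 * (target -> hook) and for the stub's jump back (stub -> target+n). Being
 * absolute, it works wherever the bytes land and can itself be hooked again. */
static void emit_push_ret(uint8_t *dst, uint32_t va)
{
    dst[0] = 0x68;          /* push imm32 */
    put_le32(dst + 1, va);
    dst[5] = 0xC3;          /* ret */
}

#define STUB_CAP 20         /* the "20 bytes of nops" buffer from the post */

/* Build the stub: copy whole instructions from the target entry until >= 6 bytes
 * are covered, then append the absolute jump back to the first untouched
 * instruction. target_va is the target's virtual address (hypothetical here).
 * Returns the number of stolen bytes n, or 0 if the prologue cannot be copied
 * safely (unknown/relative instruction, or the stub is too small). */
static size_t build_trampoline(const uint8_t *target, uint32_t target_va,
                               uint8_t stub[STUB_CAP])
{
    size_t n = 0;
    while (n < 6) {
        size_t len = lde_x86(target + n);
        if (len == 0) return 0;
        n += len;
    }
    if (n + 6 > STUB_CAP) return 0;
    memset(stub, 0x90, STUB_CAP);                        /* nop fill */
    memcpy(stub, target, n);                             /* stolen prologue */
    emit_push_ret(stub + n, target_va + (uint32_t)n);    /* repair the empty jump */
    return n;
}

/* The bytes written over the entrypoint: push hook ; ret, then nops so no
 * partial instruction remains in the stolen region. Returns bytes to write. */
static size_t build_entry_patch(size_t stolen, uint32_t hook_va,
                                uint8_t *out, size_t cap)
{
    if (stolen < 6 || stolen > cap) return 0;
    emit_push_ret(out, hook_va);
    memset(out + 6, 0x90, stolen - 6);
    return stolen;
}

/* Constructed sample: hot-patchable Win32 prologue
 *   mov edi,edi ; push ebp ; mov ebp,esp ; sub esp,10h ; push esi ; push edi */
static const uint8_t SAMPLE_PROLOGUE[] = {
    0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x56, 0x57, 0x90, 0x90
};
/* Constructed sample whose second instruction is a relative call: must be refused. */
static const uint8_t SAMPLE_REL_CALL[] = { 0x55, 0xE8, 0x00, 0x00, 0x00, 0x00, 0xC3 };

#define TARGET_VA 0x7C801D7Bu   /* hypothetical address of the hooked function */
#define HOOK_VA   0x10001000u   /* hypothetical address of the hook routine */

int main(void)
{
    uint8_t stub[STUB_CAP], patch[16];
    size_t n = build_trampoline(SAMPLE_PROLOGUE, TARGET_VA, stub);
    size_t p = build_entry_patch(n, HOOK_VA, patch, sizeof patch);
    printf("stolen %zu bytes; stub:", n);
    for (size_t i = 0; i < STUB_CAP; i++) printf(" %02X", stub[i]);
    printf("\nentry patch:");
    for (size_t i = 0; i < p; i++) printf(" %02X", patch[i]);
    printf("\nrelative-call prologue: %zu stolen (0 = refused)\n",
           build_trampoline(SAMPLE_REL_CALL, TARGET_VA, stub));
    return 0;
}
```

In a live hook the stub buffer has to be executable memory and the entrypoint patch is written with the page temporarily made writable; the refusal on relative instructions is the check worth keeping, since a copied `call rel32` in the stub silently lands somewhere else.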