Presented is an anti-tampering method that validates and protects specific sections of a binary file. In one embodiment, this method permits a proxy engine to execute (via emulation by a virtual machine) the protected code on behalf of the binary in kernel mode upon successful completion of an integrity check. The integrity check can optionally check only the specific parts of code that the developer wishes to validate. The integrity check can cross binary boundaries. Moreover, the integrity check can be done on a hard drive or in memory. Furthermore, since the encrypted code is executed by the proxy engine in kernel mode, hackers are further deterred from modifying the code. Additionally, a method of creating a protected binary file is described herein.