Code obfuscation is currently one of the most viable methods for preventing reverse engineering attacks. Many kinds of code obfuscation transforms are widely used in software protection. However, there are still no sufficient theories to evaluate the effectiveness of obfuscation transform. In fact, few measurements are available that provide information about the capability of obfuscation to reduce attackers’ efficiency, and few existing theories, which draws upon complexity metrics from software engineering, are convincing. This paper uses a different way to evaluate the difficulty that attackers have in understanding and modifying obfuscated software through static analysis, dynamic debugging of reverse engineering, and then to abstract some metrics to quantify to what extent that code obfuscation is able to make attacks more difficult to be performed.