A faster check to see if a binary has a constructor that enables FTZ/DAZ that just does byte matching

fast_check_for_ffast_math.py

import sys
import mmap
from elftools.elf.elffile import ELFFile, ELFError
import struct

set_fast_math_code = bytes.fromhex('0fae5c24fc814c24fc408000000fae5424fcc3')

def load_bytes_from_elf(bindata, elf, vaddr, size):
    try:
        paddr = next(iter(elf.address_offsets(vaddr)))
    except StopIteration:
        return None
    return bindata[paddr:paddr+size]

def check_for_ffast_math(elf, bindata, addr):
    # +4 because we may have an endbr64 instruction (f30f1efa) in the prologue
    code = load_bytes_from_elf(bindata, elf, addr, len(set_fast_math_code)+4)
    if code is None:
        return False
    return set_fast_math_code in code

for filename in sys.argv[1:]:
    print(f"{filename} ", end="", flush=True)
    try:
        elf = ELFFile(open(filename,'rb'))
    except ELFError:
        print("is not an ELF file")
        continue
    if (arch := elf.get_machine_arch()) != 'x64':
        print(f"is {arch} not x64")
        continue
    bindata = mmap.mmap(elf.stream.fileno(), 0, access=mmap.ACCESS_READ)
    s = elf.get_section_by_name('.init_array')
    if s is not None and (ia_data := s.data()):
        constructors = struct.unpack(f'<{len(ia_data)//8}Q', ia_data)
    else:
        constructors = []
    i = len(constructors)
    print(f"({i} constructor{'s'[:i^1]}) ", end="", flush=True)
    for addr in constructors:
        if check_for_ffast_math(elf, bindata, addr):
            print(f"contains ffast-math constructor at {hex(addr)}")
            break
    else:
        print("is clean")

constructor{'s'[:i^1]}

amazing