Modbus TCP Format Description communication mechanism with C # test tools for learning, testing

Source: Internet
Author: User

Objective:

Previous blog shows how to read and write the data of Modbus TCP server in C #, article: http://www.cnblogs.com/dathlin/p/7885368.html

Of course there is also how to create a server article: http://www.cnblogs.com/dathlin/p/7782315.html

But the above two articles are already packaged API, as long as the call can implement the function, for want to understand the principle of Modbus TCP may not be suitable, recently there are many netizens want to understand this agreement, so here to write an article about Modbus TCP, However, this article is a simple version, in the future I will study in depth, and then open an advanced version, in the short version, the success of the flag and other data signs are omitted, these to wait until later.

First share, my own study address source: http://blog.csdn.net/thebestleo/article/details/52269999 statement: This article is not reproduced, not copy the original article, is based on my reference to the original blog, Understand the basic Modbus communication, and combined with their own understanding, re-write a better primer on the article, the original author posted here to show respect for intellectual property rights, the original article some places have a little mistake, and has stopped updating, also did not provide convenient testing tools, the official Modbus The test tool is a trial version, you need to purchase serial number, so here is my own test tool, the address is as follows, the following examples are based on this tool to achieve.

Https://github.com/dathlin/ModBusTcpTools/raw/master/download/download.zip

About the test tool is also open source, if you want to view the source code: Https://github.com/dathlin/ModBusTcpTools

QQ Group of technical Support: 592132877

Preparation conditions:

Before the above test tool download, need some additional knowledge to add, here no matter what language you are learning, for the socket communication layer, is actually the same, the following explanation of the content is directly based on the underlying, unrelated syntax of the operation.

But you need to be very clear on the concept of byte, generally is a byte array, a byte has 8 bits, this is also very clear, if even a byte is not clear, then the contents of the article below is very difficult to understand, then it is recommended that you look at the computer principles of these books, For socket communication, each language has a different way of writing, but all languages have two things in common, can be implemented to send data to the socket and receive data from the socket, as for this, if you want to do, refer to the language you need to use, here do not do this explanation.

With regard to hexadecimal text, all byte arrays are represented as 16 binary in the following contents of this article, for example, FF 10 represents 2 bytes, one is 255 and the other is 16.

byte[] temp = new Byte[2];temp[0] = 0xff;temp[1] = 0x10;

If the above temp is considered to be the data of the coil being read, then the conversion rule is as follows:

First convert the above data into binary: 1111 1111 (first byte, we write from high to status) 0001 0000 (second Byte, we write from high to status)

The corresponding coil is, coil 7-coil 0,,,, the second byte corresponds to the coil is, coil 15-coil 8 Here must be understood, from a byte, temp[0] is the position, temp[1] is high, deep into each byte inside the binary, high in front, Low in the rear.

In C # equivalent to the following code, and C language, Java is very similar, but also a good understanding.

If I say, send a note to the FF 01 00 00 00 01 to the socket, then that is:

byte[] temp = new Temp[12];temp[0] = 0x00;temp[1] = 0x00;temp[2] = 0x00;temp[3] = 0x00;temp[4] = 0x00;temp[5] = 0x06;temp[ 6] = 0xff;temp[7] = 0x01;temp[8] = 0x00;temp[9] = 0x00;temp[10] = 0x00;temp[11] = 0x01;socket. Send (temp);

Do not control what the above data means, and know what the above code means on the line. The next step is to download the test tools above, and begin to learn the Modbus TCP protocol really!

Test tool Initialization

Run the Server.exe file first, enter 502 in the port, and then click Start Service , as follows:

Then run the Client.exe program, enter 127.0.0.1 in the IP address, enter 502 in the port, click Configure , we see, if your server program is running on another computer, or even the cloud, as long as the client's IP is modified to the server's IP, The port number corresponds, you can access the data to the server.

Special tests do not have to be used, and we do not agree with what we are learning now.

Detailed explanation of function code

For Modbus, the function code involved is 0x01,0x02,0x03,0x05,0x06,0x0f,0x10, in fact, the classification, there are only two, the coil and register, that is, bit read and write, and the word read and write, the first need to be clear is the function code is not the same, The parsing rules for the corresponding data are not the same, as follows for different situations.

First of all, the Modbus protocol, the ultimate goal is to achieve data interaction, since it is data interaction, which is the inclusion of data read and write, we put our ideas into a string of data, sent to the device (or called the server), it returns a string of data, according to the rules to parse out, This gives us the data we really want. Here's the first idea to come true.

In addition, in the Modbus server side, the data is the use of the address of the public, it is good to understand that the server has saved a lot of data, you want to access a data must specify a unique identity, from a continuous address to distinguish the data is the most common practice, not only good understanding, but also easy to expand, For example, you can also read contiguous addresses of data blocks. If you use string names to identify data, there is no such feature.

For bit operations (various coils and discrete quantities), an address represents a bool variable, that is, 0 and 1, either through or off, like some ordinary switch.

For the register, an address represents 2 byte, a total of 65536 ways to meet the majority of daily use, such as we read the Register of address 0, return 00 00 and the register 0 data 0, if return 01 00, then the register 0 data is the

function Code 0x01:

I do not directly on a string of data, so look tired, we start from the example, now we need to read the coil (discrete) operation, I would like to read the address 0 of the coil is or is broken. Once we have this functional requirement, we can write out special instructions according to the requirements. A byte array of length 12 is required, as specified by the Protocol

Byte[0] byte[1] byte[2] byte[3] byte[4] byte[5] byte[6] byte[7] byte[8] byte[9] byte[10] byte[11]

Byte[0] byte[1]: Message number---------casually specified, the first two words of the data returned by the server are the same as this

BYTE[2] byte[3]: Modbus logo, forced to 0

BYTE[4] byte[5]: Indicates the number of all bytes after byte[5, which is the total length-6

BYTE[6]: Station number, casually designated, XX--FF can

BYTE[7]: Function code, here we need to fill in the real idea.

BYTE[8] byte[9]: Start address, for example, we want to read the data of address 0, fill in 00 00, if we want to read the data of address 1000, what to do, fill in the E8, that is, 1000 conversion 16 into the system.

BYTE[10] byte[11]: Specify the length of the data you want to read, for example, we want to read a data of address 0, here we write 00 01, if we want to read address 0-999 Total A data length, write E8. Is the same as the start address.

With the above format, we will then follow the format to fill in the data bar, we need to read the address 0 of the data, then specify the following

In the XX, the FF 01 00 00 00 01

The message number is set to 0, station number FF, function code 01, address 01, Length 01: The above instructions in the client program input, click Send, so that in the response box below to receive the server feedback data, we ultimately need information in the feedback data.

The front is the time to receive the data, automatically ignored, then the returned data is the xx xx, the FF 01 01 00 Total 10 bytes of data, OK, what does this thing mean, we come to separate analysis:

Byte[0] byte[1]: message number, we wrote the instructions before, how much, here is how much.

BYTE[2] byte[3]: Must all be 0, which means that this is Modbus communication

BYTE[4] byte[5]: Indicates the number of bytes behind byte[5], do you count to see 4? So here's 00 04, and if there's a total of 100, then this is 00 64.

BYTE[6]: Station number, before we wrote FF, so here is FF

BYTE[7]: Function code, we previously wrote 01 function code, here is also 01, and we send the instructions are consistent

BYTE[8]: Indicates the number of bytes followed by byte[8], because following the byte[8] is the real data, and the end result we want is behind byte[8]

BYTE[9]: Real data, haha, this must be what we really want, we know a byte has 8 bits, but we only read a bit of data, all of the valid values here is only byte[9] the lowest bit, binary 0000 0000 We see the lowest bit is 0, So eventually we read the address 0 of the coil to be broken.

Suppose we read address 10, starting with a total of 10 coils, then what would it return? So we're sending you the FF 0A 0A

We have received: xx xx (FF) 01 02 00 00 The preceding 8 bytes of information is consistent with the above analysis, and we will focus on the next three bytes. We read 10 bits, then a byte can represent 8 bits, then our result needs at least 2 byte to express, so the final data is definitely 2 bytes, then 02 is the number of bytes behind, that is, the actual data length.

The last 2 bytes are the final data we want! Next is how to parse, we still need to write a binary first, in order to an analysis: 00 2 binary as follows

   0               0                0              0             0           0            0            0                                    0              0               0            0            0          0           0            0                         

Coil 17 Coil 16 coil 15 coil 14 coil 13 coil 12 coil 11 coil 10 Invalid Invalid invalid Invalid invalid coil 19 coil 18

At this point we get our final data! Because the server here is 0, so all the coils are broken, and so on can be combined with 05 function code write coil for joint testing.

function Code 0x02:

This function code is consistent with the above, this function code is not supported in this server. The sending and parsing rules are consistent with the above and are not covered.

function Code 0x05:

We first explain the 05 function code, this function code is to achieve data write, it can realize what function, we can use this function code to specify a coil through or break, how to operate it, with the previous 01 function code experience, the following code looks much smoother.

For example, I want to specify the register of address 0 for the pass: xx, XX, ff 00 the meaning of the front is consistent, we analyze the FF 00

05 is the function code, 00 00 is the address we specify, if we want to write the address 1000 for the pass, then for the E8, as for the FF 00 is the specified data, if you want to address the coil pass, fill this value, want to specify the coil is broken, fill in 00 00, any other value is invalid for the result.

And then we look at what the write operation server returned? We see the same. ff 00 because in the operation you write, the data is not read, so the server will copy your instructions and return it directly.

Here are some examples of easy to understand (we only need to specify the address and whether the situation can be broken):

Write address 100 for pass: xx xx, ff 00

Write address 1000 is broken: xx, 00 00, FF E8

function Code 0x0f:

To be continued,,,

Modbus TCP Format Description communication mechanism with C # test tools for learning, testing

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.