Introduction and use of C++ ModBUS TCP client tool qModMaster

qModMaster tool introduction

QModMaster is a Qt-based Modbus master simulator for simulating and testing Modbus TCP and RTU communications. It provides an intuitive graphical interface that lets users set up and send Modbus requests, and view and analyze the response data.

Here are some key features and functions of the QModMaster tool:

  1. Support for Modbus TCP and RTU: QModMaster can be used as a master station simulator for Modbus TCP and RTU communication. You can choose the communication method that suits your needs.
  2. Intuitive graphical interface: QModMaster provides a user-friendly graphical interface that allows you to easily set up and send Modbus requests, and view response data. You can choose to read and write different types of register data, such as coils, input registers, holding registers, etc.
  3. Flexible data display: QModMaster displays the read data in tabular form, allowing you to clearly view and analyze Modbus responses. You can choose to display the data in decimal or hexadecimal format, and can sort and filter according to your needs.
  4. Real-time monitoring: QModMaster also provides a real-time monitoring function, which can continuously read and display the register data of the device. You can set the refresh frequency and monitor the device's status and data changes at any time.
  5. Import and export: QModMaster supports import and export of Modbus configuration and data, which makes it convenient to share and back up configurations between different environments.

QModMaster is an open source project; its source code and related documentation can be found on GitHub. You can use QModMaster to simulate and test Modbus communication, and to debug and verify it according to your needs and application scenarios.

Master: The master is a control device responsible for initiating and managing Modbus TCP communication. It can send read or write requests to slaves and receive the responses from slaves. The master station is usually a host computer or monitoring system, which is responsible for controlling and monitoring the entire system.

Slave: The slave is a passive device that responds to the master's request and provides data. It can be a sensor, PLC or other device. The slave station receives the read or write request from the master station, and returns the corresponding data or performs the corresponding operation. Each slave device has a unique address.

In serial and MB+ networks, only the node designated as the master node can initiate a command (on Ethernet, any device can send a Modbus command, but usually only one master device initiates commands).

In Modbus TCP, the master station is usually the TCP client and the slave station is the TCP server, which listens on the default port 502. This is easy to confuse, so it is emphasized here.

qModMaster source address

QModMaster download | SourceForge.net

https://codeload.github.com/Thuzerland/qModbusMaster/zip/refs/heads/master

GitHub - Thuzerland/qModbusMaster: Fork of QModMaster (https://sourceforge.net/p/qmodmaster/code/ci/default/tree/)

qModMaster tool address 

https://nchc.dl.sourceforge.net/project/qmodmaster/qModMaster-Win64-exe-0.5.3-beta.zip

modbusTCP protocol format

A Modbus TCP data frame is divided into two parts: the protocol header (MBAP header) and the PDU. The PDU in turn has two parts: the function code and the data.

(1) Message header MBAP: MBAP is a message header with a length of 7 bytes and is composed as follows:

[Figure: MBAP header fields]

(2) Frame structure PDU: PDU consists of function code + data. The function code is 1 byte, and the data length is variable, determined by the specific function.

Example message below:

[TCP]>Tx > 18:37:13:318 - 00  02  00  00  00  06  01  03  00  00  00  03  
[TCP]>Rx > 18:37:13:330 - 00  02  00  00  00  09  01  03  06  00  02  00  03  00  04   

 

Example package:

0232 0000 0009 01 10 9C490001020000

Protocol header: 0232 0000 0009 01
PDU: 10 9C49 0001 02 0000
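
The MBAP + PDU split described above, written as a small parser. This is an added example, not code from qModMaster or from the original post; the names ModbusTcpFrame, parseFrame and holdingRegisters are hypothetical, and the header fields assumed are the standard MBAP ones (transaction id, protocol id, length, unit id). The embedded bytes are the Rx frame printed above.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example: one decoded Modbus TCP frame (7-byte MBAP header + PDU).
struct ModbusTcpFrame {
    uint16_t transactionId;     // echoed by the slave so replies can be matched
    uint16_t protocolId;        // 0 for Modbus
    uint16_t length;            // number of bytes that follow: unit id + PDU
    uint8_t  unitId;            // slave address
    uint8_t  functionCode;      // first byte of the PDU
    std::vector<uint8_t> data;  // remainder of the PDU
};

static uint16_t be16(const uint8_t *p) { return uint16_t((p[0] << 8) | p[1]); }

// Rejects truncated frames, a non-zero protocol id, and a length field that
// disagrees with the number of bytes actually received.
bool parseFrame(const std::vector<uint8_t> &raw, ModbusTcpFrame &out) {
    if (raw.size() < 8) return false;                      // MBAP (7) + function code (1)
    ModbusTcpFrame f{be16(&raw[0]), be16(&raw[2]), be16(&raw[4]), raw[6], raw[7], {}};
    if (f.protocolId != 0) return false;
    if (size_t(f.length) != raw.size() - 6) return false;  // length counts from the unit id
    f.data.assign(raw.begin() + 8, raw.end());
    out = f;
    return true;
}

// Function 03 response data: a byte count, then big-endian 16-bit registers.
bool holdingRegisters(const ModbusTcpFrame &f, std::vector<uint16_t> &regs) {
    if (f.functionCode != 0x03 || f.data.empty()) return false;
    const size_t byteCount = f.data[0];
    if (byteCount == 0 || byteCount % 2 != 0 || byteCount != f.data.size() - 1) return false;
    regs.clear();
    for (size_t i = 1; i < f.data.size(); i += 2) regs.push_back(be16(&f.data[i]));
    return true;
}

// The Rx frame from the example message on this page.
const std::vector<uint8_t> kRx = {0x00,0x02,0x00,0x00,0x00,0x09,0x01,0x03,0x06,
                                  0x00,0x02,0x00,0x03,0x00,0x04};

int main() {
    ModbusTcpFrame f;
    std::vector<uint16_t> regs;
    if (parseFrame(kRx, f) && holdingRegisters(f, regs))
        for (uint16_t r : regs) std::printf("%u\n", unsigned(r));
    return 0;
}
```
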

Differences from standard modbusRTU

In standard Modbus RTU mode, the protocol format is as shown below. Compared with Modbus RTU, Modbus TCP omits the two CRC check bytes. The unit identifier in the MBAP header of the Modbus TCP protocol is equivalent to the address of the slave station.

[Figure: Modbus RTU protocol format]

Modbus protocol address and common function codes

According to different objects, the function codes of Modbus are:

[Figure: Modbus function codes by object type]

The register address defined by the Modbus protocol is a 5-digit decimal address, namely:
coil (DO) address: 00000~09999
contact (DI) address: 10000~19999
input register (AI) address: 30000~39999
output register (AO) address: 40000~49999
Since each of the addresses above corresponds to exactly one type, some materials use the first digit to distinguish the address types: 0x represents a coil (DO) type address, 1x represents a contact (DI) type address, 3x represents an input register (AI) type address, and 4x represents an output register (AO) type address.
In actual programming, because the prefix already distinguishes the type, it is only necessary to specify the last 4 digits, converted into a 4-digit hexadecimal address.

Modbus address description

The address types of the MODBUS protocol are 0x, 1x, 3x, 4x, 5x, 6x, and 3x_bit, 4x_bit, etc. The function codes supported by these address types in the MODBUS protocol will be described respectively below.

Modbus Slave tool introduction

Modbus Slave is host-computer software that simulates a Modbus protocol slave, and is mainly used to simulate communication with master devices. Its companion program, Modbus Poll, is the host-computer software that simulates the Modbus protocol master. The software encapsulates a standard Modbus protocol stack and makes it easier to operate through a graphical interface. At present, the software supports function codes 01, 02, 03, 04, 05, 06, 15, and 16, raw message viewing, data recording and other functions, and is a good helper for debugging a Modbus protocol stack.

Modbus Slave download link

Link: Baidu Netdisk
Extraction code: lft0

Test screenshot 

Use of qModMaster with ModbusSlave

The PLC address of a register refers to the address stored in the controller. These controllers can be PLCs, touch screens, or text displays. The PLC address is generally written in decimal, with a total of 5 digits, of which the first digit encodes the register type. The corresponding relationship between the first digit and the register type is shown in Table 1. Examples of PLC addresses are 40001, 30002, etc.

The Modbus protocol address of a register refers to the register address used in communication. In actual programming, because the PLC address prefix already distinguishes the register type, it is only necessary to specify the last 4 digits, converted into a 4-digit hexadecimal address. For example, PLC address 40001 corresponds to addressing address 0x0000, and 40002 corresponds to addressing address 0x0001; register addressing addresses are generally written in hexadecimal. For another example, the PLC register address 40003 corresponds to the protocol address 0002, and the PLC register address 30003 corresponds to the protocol address 0002.

For devices or software that support the Modbus protocol, the user should directly set or see the Modbus data address when using it. The data at a Modbus address is read and written through various "functions". Function codes are the layer underneath Modbus addresses. If the Modbus protocol description supplied by the other communicating party lists only function codes, take care to understand the correspondence between those function codes and Modbus addresses.
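
The PLC-address rule above, applied to build a complete read request. This is an added example, not code from the original post or from qModMaster; plcToProtocol and buildReadRequest are hypothetical names, the read function codes per prefix (01, 02, 04, 03) are the standard Modbus ones, and the per-request quantity limits are taken from the Modbus specification rather than from this page.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example: read function code and zero-based protocol address for a PLC address.
struct ProtocolAddress {
    uint8_t  readFunction;  // 0x01 coils, 0x02 contacts, 0x04 input regs, 0x03 holding regs
    uint16_t offset;        // 40001 -> 0x0000, 40002 -> 0x0001, ...
};

bool plcToProtocol(uint32_t plc, ProtocolAddress &out) {
    const uint32_t prefix = plc / 10000, number = plc % 10000;
    if (number == 0) return false;  // x0000 has no zero-based address under the 40001 -> 0 rule
    switch (prefix) {
    case 0: out.readFunction = 0x01; break;  // 0x coil (DO)
    case 1: out.readFunction = 0x02; break;  // 1x contact (DI)
    case 3: out.readFunction = 0x04; break;  // 3x input register (AI)
    case 4: out.readFunction = 0x03; break;  // 4x output (holding) register (AO)
    default: return false;                   // other prefixes are not handled here
    }
    out.offset = uint16_t(number - 1);
    return true;
}

// Builds MBAP header + read PDU; returns an empty vector for invalid input.
std::vector<uint8_t> buildReadRequest(uint16_t transactionId, uint8_t unitId,
                                      uint32_t plc, uint16_t quantity) {
    ProtocolAddress a;
    if (!plcToProtocol(plc, a) || quantity == 0) return std::vector<uint8_t>();
    // Per-request limits from the Modbus specification: 2000 bits or 125 registers.
    if (quantity > (a.readFunction <= 0x02 ? 2000 : 125)) return std::vector<uint8_t>();
    auto hi = [](uint16_t v) { return uint8_t(v >> 8); };
    auto lo = [](uint16_t v) { return uint8_t(v & 0xFF); };
    return {hi(transactionId), lo(transactionId),
            0x00, 0x00,               // protocol id: 0 = Modbus
            0x00, 0x06,               // length: unit id + function code + 4 data bytes
            unitId, a.readFunction,
            hi(a.offset), lo(a.offset), hi(quantity), lo(quantity)};
}

int main() {
    // Transaction 2, unit 1, three registers from PLC address 40001.
    for (uint8_t b : buildReadRequest(2, 1, 40001, 3)) std::printf("%02X ", unsigned(b));
    std::printf("\n");
    return 0;
}
```

The call in main reproduces the Tx frame shown earlier on this page. The write frame on this page instead carries 0x9C49 (decimal 40009) in its address field, so confirm which convention the target device expects before relying on either form.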

Modbus debugging tool

Toolkit (including modbus assistant and modbusTCP debugging tool)

download link

https://download.csdn.net/download/qq8864/88226165

 

 

QT's modbus read and write

There are many ways to do this. Because the protocol is simple, you can write your own framing code, and there are also ready-made libraries. For example, you can refer to the source code of qModMaster, which uses the libmodbus library; libmodbus is the recommended choice. Here is another approach: reading and writing with the Qt Modbus module.

1. Import module

QT       += serialbus serialport

2. Introduce the header file

#include <QModbusTcpClient>
#include <QModbusReply>

3. Establish a connection

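    // The master is the TCP client; the slave is the TCP server it connects to.
    QModbusClient *modbusDevice = new QModbusTcpClient();
    // This example connects to port 1502; the Modbus TCP default port is 502.
    modbusDevice->setConnectionParameter(QModbusDevice::NetworkPortParameter, 1502);
    modbusDevice->setConnectionParameter(QModbusDevice::NetworkAddressParameter, "127.0.0.1");
    modbusDevice->setTimeout(2000);       // response timeout in milliseconds
    modbusDevice->setNumberOfRetries(3);  // retries before a request fails
    // connectDevice() returns false if the connection attempt could not be started.
    if (!modbusDevice->connectDevice())
        qWarning("Modbus connect failed: %s", qPrintable(modbusDevice->errorString()));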

4. Read and write

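// Send the request (these statements belong inside a ThisClass member function)
QModbusDataUnit readUnit(QModbusDataUnit::HoldingRegisters, 30001, 1);

// 1: device address
if (auto *reply = modbusDevice->sendReadRequest(readUnit, 1))
{
    if (!reply->isFinished())
    {
        // The reply is still pending: handle it in readReady() when it finishes
        connect(reply, &QModbusReply::finished, this, &ThisClass::readReady);
    }
    else
    {
        delete reply; // already finished, nothing to wait for
    }
}

// Handle the response
void ThisClass::readReady()
{
    QModbusReply *reply = qobject_cast<QModbusReply *>(sender());
    if (!reply)
        return;

    if (reply->error() == QModbusDevice::NoError)
    {
        const QModbusDataUnit unit = reply->result();
//        if(unit.startAddress()==30001){
        qint16 res = unit.value(0); // first register, read as a signed 16-bit value
        qInfo("register value: %d", res);
//        }
    }
    else
    {
        // Report the failure instead of silently ignoring it
        qWarning("Modbus read failed: %s", qPrintable(reply->errorString()));
    }
    reply->deleteLater(); // delete the reply
}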

// Write: for example, write 1 to register address 40009 (0232 0000 0009 01 10 9C49 0001 02 0001)

// Write request; 9C490001020001 is the data part
QByteArray data = QByteArray::fromHex("9c490001020001");
// QModbusRequest::WriteMultipleRegisters: function code 0x10
QModbusRequest request(QModbusRequest::WriteMultipleRegisters, data);
// 1: device address
if (auto *reply = modbusDevice->sendRawRequest(request, 1))
{
    if (!reply->isFinished())
    {
        connect(reply, &QModbusReply::finished, this, &ThisClass::writeReady);
    }
    else
    {
        delete reply;
    }
}

// Handle the response
void ThisClass::writeReady()
{
    QModbusReply *reply = qobject_cast<QModbusReply *>(sender());
    if (!reply)
        return;

    // Report a failed write instead of silently ignoring it
    if (reply->error() != QModbusDevice::NoError)
        qWarning("Modbus write failed: %s", qPrintable(reply->errorString()));

    reply->deleteLater(); // delete the reply
}


Origin blog.csdn.net/qq8864/article/details/132172864