MODBUS function code Introduction
| Code | Name | Bit operation / word operation | Number of operations |
| --- | --- | --- | --- |
| 01h | Read coil status | Bit operation | Single or multiple |
| 02h | Read discrete input status (0 or 1, read-only) | Bit operation | Single or multiple |
| 03h | Read holding registers (holding registers can be written with function 06h) | Word operation | Single or multiple |
| 04h | Read input registers (input registers are read-only and cannot be written with function 06h) | Word operation | Single or multiple |
| 05h | Write single coil (coils control outputs, i.e. I/O control) | Bit operation | Single |
| 06h | Write single holding register | Word operation | Single |
| 0Fh | Write multiple coils | Bit operation | Multiple |
| 10h | Write multiple holding registers | Word operation | Multiple |
Modbus TCP Introduction
Example - function code 03, read registers (read two values starting at register 00 and ending at register 01)
The client sends 01 02 00 00 00 06 01 03 00 00 00 02
01 02 00 00 00 06 (fixed header)
- 01 02: check information sent by the client. The server copies these two bytes into the first two bytes of its response. Generally the client keeps incrementing these two bytes and uses the value the server returns to verify the timeliness of the server's response.
- 00 00: indicates the Modbus protocol over TCP/IP
- 00 06: indicates how many bytes follow in the client's message.
01 03 00 00 00 02 (user data)
- 01: indicates the device address
- 03: indicates the read holding registers function code
- 00 00: indicates the start address of the registers the client reads
- 00 02: indicates the number of register values to read (since it is 02, the values of registers 00h and 01h are read)
The return value is as follows:
The server returns 01 02 00 00 00 07 01 03 04 04 7B 00 FF
- 01 02: check information in the server's response
- 00 00: indicates the Modbus protocol over TCP/IP
- 00 07: indicates how many bytes follow in the server's message.
- 01: indicates the device address
- 03: the function code
- 04: indicates the length in bytes of the register data sent back
- 04 7B: indicates the value of register 00
- 00 FF: indicates the value of register 01
Example - function code 06, write single register (write a value to register address 03)
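The client sends 01 02 00 00 00 06 01 06 00 03 00 FF
01 02 00 00 00 06 (fixed header)
- 01 02: check information sent by the client
- 00 00: indicates the Modbus protocol over TCP/IP
- 00 06: indicates how many bytes follow in the client's message.
01 06 00 03 00 FF (user data)
- 01: indicates the device address
- 06: indicates the write single holding register function code
- 00 FF: indicates that the value written to register 03h is 0xFF
The return value is as follows:
The server returns 01 02 00 00 00 06 01 06 00 03 00 FF
The trailing 06 00 03 00 FF indicates that the client successfully wrote the value 0xFF to register 03h using function code 06.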
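The header fields walked through in the 03 and 06 examples above can be checked mechanically, which is what a passive monitor on a Modbus TCP link does before trusting a frame. This is an added Python example, not code from the original post: it validates the protocol identifier and the length field, flags the write function codes from the table, and decodes the 03 response against its request. The function names and dictionary keys are assumptions of this example; the three valid frames are the ones shown above.

```python
import struct

# Write function codes from the table above; these change device state.
WRITE_CODES = {0x05, 0x06, 0x0F, 0x10}

# Frames copied from the examples above.
READ_REQ = "01 02 00 00 00 06 01 03 00 00 00 02"
READ_RSP = "01 02 00 00 00 07 01 03 04 04 7B 00 FF"
WRITE_REQ = "01 02 00 00 00 06 01 06 00 03 00 FF"
# Constructed for this example: length field claims 9 bytes, only 6 follow.
BAD_LEN = "01 02 00 00 00 09 01 03 00 00 00 02"

def parse_frame(hex_str):
    """Split a Modbus TCP frame into header fields and data, validating the header."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 8:
        raise ValueError("frame shorter than header plus function code")
    # check bytes, protocol id, length, device address, function code
    tid, proto, length, unit, func = struct.unpack(">HHHBB", raw[:8])
    if proto != 0:
        raise ValueError("protocol identifier is not 00 00")
    if length != len(raw) - 6:
        raise ValueError(f"length field says {length}, {len(raw) - 6} bytes follow")
    return {"tid": tid, "unit": unit, "func": func, "data": raw[8:],
            "is_write": func in WRITE_CODES}

def decode_read_response(request, response):
    """Pair an 03h response with its request and return {register: value}."""
    if response["tid"] != request["tid"]:
        raise ValueError("response does not echo the request's check bytes")
    if request["func"] != 0x03 or response["func"] != 0x03:
        raise ValueError("not a matching 03h request/response pair")
    if len(request["data"]) != 4:
        raise ValueError("03h request must carry start address and count")
    start, count = struct.unpack(">HH", request["data"])
    body = response["data"]
    if not body or body[0] != 2 * count or len(body) != 1 + body[0]:
        raise ValueError("byte count does not match the requested register count")
    values = struct.unpack(f">{count}H", body[1:])
    return {start + i: v for i, v in enumerate(values)}

if __name__ == "__main__":
    req, rsp = parse_frame(READ_REQ), parse_frame(READ_RSP)
    print(decode_read_response(req, rsp))
    print("06h is a write:", parse_frame(WRITE_REQ)["is_write"])
```
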
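Example - function code 10, write multiple registers (write different values to register addresses 03~06)
The client sends 01 02 00 00 00 10 01 10 00 03 00 04 08 FF FF 00 0A 00 0F 00 06
01 02 00 00 00 10 (fixed header)
- 01 02: check information sent by the client
- 00 00: indicates the Modbus protocol over TCP/IP
- 00 10: indicates how many bytes follow in the client's message.
01 10 00 03 00 04 08 FF FF 00 0A 00 0F 00 06 (user data)
- 01: indicates the device address
- 10: indicates the write multiple holding registers function code
- 00 03: indicates the start address of the registers the client writes
- 00 04: indicates the number of register values written (since it is 04, the values of registers 03h~06h are written)
- 08: indicates the number of data bytes that follow
- FF FF: indicates the value written to register 03h
- 00 0A: indicates the value written to register 04h
- 00 0F: indicates the value written to register 05h
- 00 06: indicates the value written to register 06h
The return value is as follows:
The server returns 01 02 00 00 00 06 01 10 00 03 00 04
The trailing 10 00 03 00 04 indicates that the client successfully wrote the values to registers 03h~06h using function code 10.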
Partial reference: https://blog.csdn.net/mikasoi/article/details/81782159