MODBUS communication protocol and programming

The ModBus communication protocol comes in two variants: the RTU protocol and the ASCII protocol. Our company's meters use the ModBus RTU communication protocol, for example the YD2000 intelligent power monitor, inspection table, digital display and light column digital display. The ModBus RTU protocol is briefly described below.

First, the communication protocol

(1) Communication transmission method:

Communication transmission is divided into independent information headers and transmitted coded data. The following definition of the communication transmission mode is also compatible with the MODBUS RTU communication protocol:

Coding | 8-bit binary
Start bit | 1 bit
Data bits | 8 bits
Parity bit | 1 bit (even parity)
Stop bit | 1 bit
Error check | CRC (redundant cyclic code)

Initial structure ≥ 4 bytes of time

Address code = 1 byte

Function code = 1 byte

Data area = N bytes

Error check = 16-bit CRC code

End structure ≥ 4 bytes of time

Address code: The address code is the first byte of the communication transmission. This byte indicates which slave, identified by the address code the user has set on it, is to receive the message sent by the master. Each slave has a unique address code, and its response begins with its own address code. The address code sent by the master indicates the slave being addressed, and the address code sent by the slave indicates which slave is replying.

Function code: The second byte of the communication transmission. The ModBus communication protocol defines function codes 1 to 127. This instrument uses only some of them. In a request from the host, the function code tells the slave what to do. In a slave response, the function code sent by the slave is the same as the one sent by the master and indicates that the slave has responded to the master's operation. If the highest bit of the function code sent by the slave is 1 (that is, the function code is greater than 127), the slave did not respond to the operation or is reporting an error.

Data area: The data area differs depending on the function code. The data area can be the actual value, the set point, the address the host sends to the slave or the slave sends to the host.

CRC code: Two-byte error detection code.

(2) Communication protocol:

When a communication command is sent to the instruments, the device whose address code matches receives the command, removes the address code, and reads the information. If there is no error, it executes the corresponding task and then returns the execution result to the sender. The returned information includes the address code, the function code of the action executed, the result data after the action is performed, and the error check code. If an error occurs, no information is sent.

1. Information frame structure

Address code | Function code | Data area | Error check code
8-bit | 8-bit | N × 8 bits | 16-bit

Address code: The address code is the first byte (8 bits) of the information frame, from 0 to 255. This byte indicates which slave, identified by its user-set address, is to receive the message sent by the master. Each slave must have a unique address code, and only the slave whose address code matches may respond. When the slave sends back information, the address code in the reply indicates where the message came from.

Function code: The function code sent by the host tells the slave what task to perform. The function codes listed in Table 1-1 have specific meanings and operations.

Table 1-1

Code | Meaning | Operation
03 | Read data | Read one or more binary values in the current register
06 | Reset single register | Write the set binary value to a single register

Data area: The data area contains the information the slave needs in order to perform the action, or the information the slave has collected and is returning. This information can be numerical values, reference addresses, and so on. For example, if the function code tells the slave to read register values, the data area must contain the start address of the registers and the number to read. The address and data information differ from one slave to another.

Error check code: The host or slave uses the check code to judge whether the received information is wrong. Sometimes, due to electronic noise or some other interference, the information changes slightly during transmission. The error check code ensures that the host or the slave does not act on information that was damaged in transit. This increases the security and efficiency of the system, in the sense that corrupted frames are not acted on; the CRC detects accidental changes only and does not authenticate the sender. The error check uses the CRC-16 check method.

Note: The format of the information frame is basically the same: address code, function code, data area and error check code.

2. Error check

The redundant cyclic code (CRC) contains 2 bytes, i.e. 16 binary bits. The CRC code is calculated by the sending device and placed at the end of the sent message. The device receiving the information recalculates the CRC code of the received message and compares the calculated CRC code with the received one. If the two do not match, it indicates an error.

The CRC code is calculated by first presetting a 16-bit register to all 1s and then processing the message 8 bits at a time. Only the 8 data bits of each character take part in the CRC calculation; the start bit, the stop bit and the parity bit (if there is one) do not.

When calculating the CRC code, the 8-bit data is XORed with the register contents, and the result is shifted one bit toward the low end, with the highest bit filled with 0. The least significant bit (the bit moved out by the shift, as in the calccrc routine in the programming examples) is then checked. If it is 1, the contents of the register are XORed with the preset number. If it is 0, no XOR operation is performed.

This process is repeated 8 times. After the 8th shift, the next 8 bits are XORed with the contents of the current register, and the process is again repeated 8 times as above. After all data information has been processed, the final contents of the register are the CRC code value. The low byte of the CRC code is transmitted or received first.

The steps for calculating the CRC code are:

Step 1: Preset the 16-bit register to hexadecimal FFFF (that is, all 1s). Call this register the CRC register.

Step 2: XOR the first 8-bit data with the low byte of the 16-bit CRC register and place the result in the CRC register.

Step 3: Move the contents of the register one bit to the right (toward the lower bit), fill the highest bit with 0, and check the lowest bit (the bit shifted out).

Step 4: If the least significant bit is 0, repeat step 3 (shift again); if the least significant bit is 1, XOR the CRC register with the polynomial A001 (binary 1010 0000 0000 0001).

Step 5: Repeat steps 3 and 4 until 8 right shifts have been made, so that the entire 8-bit data is processed.

Step 6: Repeat steps 2 to 5 to process the next 8-bit data.

Step 7: The final contents of the CRC register are the CRC code.

3. Function code 03, read point and return value:

The instrument uses the Modbus RTU communication protocol. Using communication commands, it can perform read point ("Hold Register") or return value ("Input Register") operations. Both the hold and input registers are 16-bit (2-byte) values with the most significant bit first. The read point and return value for the meter are both 2 bytes. The maximum number of registers that can be read at one time is 60. Since some programmable controllers do not use function code 03, function code 03 is used as read point and return value. The command format of the slave response is slave address, function code, data area and CRC code. Register data in the data area is sent two bytes per register, high byte first.

4. Function code 06, single point save

The host uses this command to save the single-point data to the meter's memory. The slave also uses this function code to return information to the host.

Second, programming examples

Here is an example of ModBus RTU communication written in VC

(1) Communication port settings

    HANDLE hCom;
    DCB dcb;

    // Open COM1 for exclusive read/write access
    hCom = CreateFile("COM1",
                      GENERIC_READ | GENERIC_WRITE,
                      0,
                      NULL,
                      OPEN_EXISTING,
                      0,
                      NULL);
    if (hCom == INVALID_HANDLE_VALUE)
    {
        MessageBox("createfile error,error");
    }
    // 1024-byte input and output buffers
    BOOL error = SetupComm(hCom, 1024, 1024);
    if (!error)
        MessageBox("setupcomm error");
    error = GetCommState(hCom, &dcb);
    if (!error)
        MessageBox("getcommstate,error");
    // 2400 baud, 8 data bits, even parity, 1 stop bit
    dcb.BaudRate = 2400;
    dcb.ByteSize = 8;
    dcb.Parity = EVENPARITY; //NOPARITY;
    dcb.StopBits = ONESTOPBIT;

    error = SetCommState(hCom, &dcb);

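(2) CRC checksum calculation

    UINT crc; // CRC register; set to 0xffff before the first byte of a frame

    // Fold one data byte into the CRC register
    void calccrc(BYTE crcbuf)
    {
        BYTE i;

        crc = crc ^ crcbuf;
        for (i = 0; i < 8; i++)
        {
            BYTE TT;
            TT = crc & 1;        // lowest bit, about to be shifted out
            crc = crc >> 1;
            crc = crc & 0x7fff;  // highest bit filled with 0
            if (TT == 1)
                crc = crc ^ 0xa001;
            crc = crc & 0xffff;
        }
    }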

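(3) Data transmission

    BYTE zxaddr, zxnum;
    BYTE writebuf2[8]; // request frame: address, function, data area, CRC
    DWORD comnum;      // number of bytes actually written

    zxaddr = 11; // Read the patrol table data with address 11
    zxnum = 10;  // Read ten channels of data

    writebuf2[0] = zxaddr; // address code
    writebuf2[1] = 3;      // function code 03
    writebuf2[2] = 0;      // start address, high byte
    writebuf2[3] = 0;      // start address, low byte
    writebuf2[4] = 0;      // number of registers, high byte
    writebuf2[5] = zxnum;  // number of registers, low byte
    crc = 0xffff;
    calccrc(writebuf2[0]);
    calccrc(writebuf2[1]);
    calccrc(writebuf2[2]);
    calccrc(writebuf2[3]);
    calccrc(writebuf2[4]);
    calccrc(writebuf2[5]);

    writebuf2[6] = crc & 0xff;  // CRC low byte is sent first
    writebuf2[7] = crc / 0x100; // then the CRC high byte
    WriteFile(hCom, writebuf2, 8, &comnum, NULL);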

(4) Data reading

    // Read zxnum channels of data (5 + zxnum*2 bytes; writebuf must be at least that large).
    // Error handling can be added here, such as address code error and CRC code
    // error checks, communication fault processing and so on.
    ReadFile(hCom, writebuf, 5 + zxnum * 2, &comnum, NULL);
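
The CRC steps and the error handling suggested for the read step, as an added example in portable C (not code from the original article). The names modbus_crc16, parse_read_reply and the MB_* codes are hypothetical; the byte-count field at offset 2 is assumed from the standard Modbus RTU function-03 reply layout, which matches the 5 + zxnum*2 length read above.

```c
#include <stddef.h>
#include <stdint.h>

/* CRC-16 per the steps above: preset FFFF, shift right, XOR A001 on a 1 bit. */
static uint16_t modbus_crc16(const uint8_t *buf, size_t len)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int bit = 0; bit < 8; bit++) {
            int lsb = crc & 1;            /* bit about to be shifted out */
            crc >>= 1;
            if (lsb) crc ^= 0xA001;
        }
    }
    return crc;
}

enum { MB_OK, MB_SHORT, MB_CRC, MB_ADDR, MB_EXCEPTION, MB_FUNC, MB_LENGTH };

/* Hypothetical helper: check a function-03 reply of rxlen received bytes and,
   only if every check passes, store nregs register values in regs[]. */
static int parse_read_reply(const uint8_t *rx, size_t rxlen, uint8_t addr,
                            uint8_t nregs, uint16_t *regs)
{
    if (rxlen < 5) return MB_SHORT;       /* shortest frame: an error reply */
    uint16_t sent = (uint16_t)(rx[rxlen - 2] | (rx[rxlen - 1] << 8)); /* low byte first */
    if (modbus_crc16(rx, rxlen - 2) != sent) return MB_CRC;
    if (rx[0] != addr) return MB_ADDR;
    if (rx[1] & 0x80) return MB_EXCEPTION; /* highest bit of function code set */
    if (rx[1] != 0x03) return MB_FUNC;
    /* The byte count must agree with the request (at most 60 registers) and
       with the received length before it is used to bound the copy. */
    if (nregs == 0 || nregs > 60 || rx[2] != nregs * 2 || rxlen != (size_t)5 + rx[2])
        return MB_LENGTH;
    for (size_t i = 0; i < nregs; i++)
        regs[i] = (uint16_t)((rx[3 + 2 * i] << 8) | rx[4 + 2 * i]); /* high byte first */
    return MB_OK;
}

int main(void)
{
    /* Constructed reply from address 11 carrying registers 0x0102, 0x0304. */
    uint8_t rx[9] = { 11, 0x03, 4, 0x01, 0x02, 0x03, 0x04 };
    uint16_t regs[2], crc = modbus_crc16(rx, 7);
    rx[7] = crc & 0xFF;                   /* CRC appended low byte first */
    rx[8] = crc >> 8;
    return parse_read_reply(rx, sizeof rx, 11, 2, regs); /* 0 = MB_OK */
}
```

Pass the byte count that ReadFile actually returned (comnum) as rxlen, so that a short or timed-out read is rejected instead of being parsed from stale buffer contents.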