Most SCADA Integrators and users of modbus are familiar with the X0001 format for modbus registers, However, the true modbus standard is not simply one number it is a function code + register number. Specific devices treat the function codes differently on the front-end. The back end will interpret the 40000 registers as a function code/register.

This post will describe the standard and how the mapping between the X0000 registers and the functioncode/registers generally work.

Artistic Freedom

Modbus device developers will have their own idiosyncrasies when designing their modbus device

  • Some devices will have the 3xxxx registers as input registers and the 4xxxx registers as holding registers
  • Some devices will have the 4xxxx registers as input registers and the 3xxxx registers as holding registers
  • Some devices will simplify the registers and integrate both 30000 and 40000 registers into one (usually 40000).

A typical register map for a modbus device could look something like this:

Coil Register 1: 00001

Status Register 1 : 10001

Holding Register 1: 40001

Input Register 1: 30001

 

Modbus Packets

Read Coil (Digital Output Registers) Function Code 1

Coil packets are generally represented as 0-10000, Coil 1 is 00001 while the Function Code representation is 1,1

Read Coil Request Packet

DescriptionAddressFunction CodeInitial Coil OffsetNumber Of PointsCRC
Size (in bytes)11222
Example (hex)010100 0A00 029D C9

Read Coil Response Packet

DescriptionAddressFunction CodeByte CountCoil DataCRC
Size (in bytes)111Number of Points2
Example (hex)0101010311 89

 

Read Digital Input Status Function Code 2

Digital Input packets are generally represented as 10000-19999, DI1 is 00001 while the Function Code representation is 2,1

Read Input Request Packet

DescriptionAddressFunction CodeInitial Coil OffsetNumber Of PointsCRC
Size (in bytes)11222
Example (hex)010200 0000 02F9 CB

Read Input Response Packet

DescriptionAddressFunction CodeByte CountInput DataCRC
Size (in bytes)111Number Of Points2
Example (hex)0102010220 49

 

Read Holding Registers Function Code 3

Holding Registers are generally represented with the 40000-50000 registers, register 40001 is 3,1

Read Input Request Packet

DescriptionAddressFunction CodeInitial Coil OffsetNumber Of PointsCRC
Size (in bytes)11222
Example (hex)010300 0200 0125 CA

Read Input Response Packet

DescriptionAddressFunction CodeByte CountInput DataCRC
Size (in bytes)111Number of Points X22
Example (hex)01030207 FFFA 34

 

Read Input Registers Function Code 4

Input Registers are generally represented with the 30000-49999 registers, register 30001 is 4,1.

Read Input Request Packet

DescriptionAddressFunction CodeInitial Coil OffsetNumber Of PointsCRC
Size (in bytes)11222
Example (hex)010400 0000 0131 CA

Read Input Response Packet

DescriptionAddressFunction CodeByte CountInput DataCRC
Size (in bytes)111Number of Points X22
Example (hex)01040203 FFF9 80