Analysis of Modbus Protocol Function Codes and Their Formats
Release Date:
2025-01-13
In industrial automation and equipment communication, the Modbus protocol, as a widely used serial communication protocol, is extensively employed for data exchange among devices such as PLCs, sensors, and variable-frequency drives. Modbus achieves various operations through specific function codes. Today, we will provide a detailed analysis of Modbus function codes and their format.
I. Overview of the Modbus Protocol Format
The data format of the Modbus protocol primarily consists of the following components:
- Address Field:
One byte, representing the device address.
- Function Code:
One byte, indicating the type of operation to be performed.
- Data Domain:
N bytes, indicating the data required for the operation or the data in the response.
- CRC Check (CRC):
Two bytes used for data integrity verification.
The basic data format of the Modbus protocol is as follows:
| Address Field | Function Code | Data Field | CRC Check |
II. Common Modbus Function Codes and Their Meanings
The Modbus protocol supports a variety of function codes, each corresponding to a specific operation or request. The following is a detailed description of the common function codes:
1. Function Code 0x01: Read Coils
Function code 0x01 is used to read the status (ON/OFF) of one or more coils. This operation enables the master device to obtain the output status of the slave device.
- Request format:
| Address Field | Function Code | Starting Address (2 bytes) | Number of Read Points (2 bytes) | CRC Check |
- Response format:
| Address Field | Function Code | Number of Bytes (1 byte) | Data | CRC Check |
Data: Each byte represents the state of 8 coils, with each bit indicating on (1) or off (0).
Example: The master station requests to read the coil states of device at address 0x01, starting from address 0x0000 and spanning addresses 0x0000 to 0x0007. Request: 01 01 00 00 00 07 CRC
Response: 01 01 01 80 CRC
This indicates that the coil status of device 0x01 is 0x80 (0b10000000), meaning the first coil is ON, the second coil is OFF, and so on.
2. Function Code 0x02: Read Discrete Inputs
Function code 0x02 is used to read the status of one or more discrete inputs.
- Request format:
| Address Field | Function Code | Starting Address (2 bytes) | Number of Read Points (2 bytes) | CRC Check |
- Response format:
| Address Field | Function Code | Number of Bytes (1 byte) | Data | CRC Check |
Example: The master station requests to read the discrete input states of device at address 0x01, ranging from starting address 0x0000 to 0x0007. Request: 01 02 00 00 00 07 CRC
Response: 01 02 01 80 CRC
Indicates that the discrete input status of device 0x01 is: 0x80.
3. Function Code 0x03: Read Holding Registers
Function code 0x03 is used to read the values of one or more holding registers. Holding registers are typically used to store device configuration parameters or measurement results.
- Request format:
| Address Field | Function Code | Starting Address (2 bytes) | Number of Read Points (2 bytes) | CRC Check |
- Response format:
| Address Field | Function Code | Number of Bytes (1 byte) | Data (N bytes) | CRC Check |
Example: The master device requests to read two holding registers starting at address 0x0000 of device 0x01. Request: 01 03 00 00 00 02 CRC
Response: 01 03 04 00 01 00 02 CRC
This indicates that the value of the first register is 0x0001 and the value of the second register is 0x0002.
4. Function Code 0x04: Read Input Registers
Function code 0x04 is used to read the values of one or more input registers. Input registers are typically used to read measurement data from devices such as sensors.
- Request format:
| Address Field | Function Code | Starting Address (2 bytes) | Number of Read Points (2 bytes) | CRC Check |
- Response format:
| Address Field | Function Code | Number of Bytes (1 byte) | Data (N bytes) | CRC Check |
Example: The master device requests to read the input register values of device 0x01. Request: 01 04 00 00 00 02 CRC
Response: 01 04 04 00 01 00 02 CRC
This indicates that the value of the first input register is 0x0001, and the value of the second register is 0x0002.
5. Function Code 0x05: Force Single Coil
Function code 0x05 is used to forcibly set the state of a single coil to ON or OFF.
Request format:
| Address Field | Function Code | Starting Address (2 bytes) | Status (2 bytes) | CRC Check |
Status: 0xFF00 indicates ON, and 0x0000 indicates OFF.
Response format:
| Address Field | Function Code | Starting Address (2 bytes) | Status (2 bytes) | CRC Check |
Example: The master station requests that coil 0x0000 of device 0x01 be set to the ON state. Request: 01 05 00 00 FF 00 CRC
Response: 01 05 00 00 FF 00 CRC
6. Function Code 0x06: Write Single Register
Function code 0x06 is used to write the value of a holding register.
- Request format:
| Address Field | Function Code | Register Address (2 bytes) | Data (2 bytes) | CRC Check |
- Response format:
| Address Field | Function Code | Register Address (2 bytes) | Data (2 bytes) | CRC Check |
Example: The master device requests to write the holding register at address 0x0000 of device 0x01 with the value 0x0001. Request: 01 06 00 00 00 01 CRC
Response: 01 06 00 00 00 01 CRC
Related News
Exploring the Future Development and Applications of Busbar Trunking Systems
This article explains the importance of busbar trunking systems in modern power systems and their future development trends.
2026-04-10
Hello, how may we assist you?
*Note: Please ensure all information is accurate; we will contact you as soon as possible.
SAF Coolest v1.3.1.1 设置面板 JYOSD-ZUEU-XXZSE-SZV
无数据提示
Sorry, this section is currently being updated. Please stay tuned!
You can view other sections or return.Home