First of all thank you for writing this tool, it's been very helpful during development of my own Modbus TCP implementation!
I came across something which deviates from the Modbus Protocol specification in the Modbus Slave tool (server):
When I write a single coil with value 0xFF00 at address 0x0000, the following message gets sent back to me (I have copied it from the Communication Log): TX: 00 10 00 00 00 06 01 05 00 00 00 01.
Manually decoding the message according to the Modbus Protocol spec using the "Modbus Application Protocol" document - section 6.5 "05 (0x05) Write Single Coil" leads to the following:
Transaction ID: 0x0010
Protocol ID: 0x0000
Length: 0x0006
Unit ID: 0x01
Function Code: 0x05
Output Address: 0x0000
Output Value: 0x0001
The part that's off is the "Output Value" field (the last 2 bytes of the message). According to spec this has to be either 0x0000 or 0xFF00 depending on what value was written to the coil. The returned value is neither of those two (and from my testing, is always 0x0001 regardless of whether a high or low value is written).
I have tried to figure out where this problem arises from, and I have been able to narrow it down to this file. Looking at the ServerEncode function, instead of the written value being pushed into the message, the message header is (using the PushRequestHeader function). This deviates from the specification.
ThomasvLingen
commented
6 years ago
Hello @graham22!
First of all thank you for writing this tool, it's been very helpful during development of my own Modbus TCP implementation!
I came across something which deviates from the Modbus Protocol specification in the Modbus Slave tool (server):
When I write a single coil with value
0xFF00at address0x0000, the following message gets sent back to me (I have copied it from the Communication Log):TX: 00 10 00 00 00 06 01 05 00 00 00 01.Manually decoding the message according to the Modbus Protocol spec using the "Modbus Application Protocol" document - section 6.5 "05 (0x05) Write Single Coil" leads to the following:
The part that's off is the "Output Value" field (the last 2 bytes of the message). According to spec this has to be either
0x0000or0xFF00depending on what value was written to the coil. The returned value is neither of those two (and from my testing, is always0x0001regardless of whether a high or low value is written).I have tried to figure out where this problem arises from, and I have been able to narrow it down to this file. Looking at the
ServerEncodefunction, instead of the written value being pushed into the message, the message header is (using thePushRequestHeaderfunction). This deviates from the specification.