Communicating with PLCs


Thread Starter


I am looking to communicate with a PLC using MODBUS protocol. I am not sure how to do it. I can send ASCII characters from my computer through winwedge software but I am not sure how to use MODBUS to activate the PLC.

There are Visual Basic libraries available for several communications protocols.

I suggest you try those from vHMI Automation.
You can download and evaluate the demo; for me, they have been quite helpful.

I can help you out if you want.


Michael T Mellish

Modbus protocol recognises TWO data types within PLC systems: Boolean & 16 bit Integer. You can read & write both data types using standard modbus function calls.

The key function codes are:
01 Read Coil Status
02 Read Input Status
03 Read Holding Registers
04 Read Input Registers
05 Force Single Coil
15 (0F Hex) Force Multiple Coils
16 (10 Hex) Preset Multiple Regs

The reality is that most systems can be completed using function codes 1, 3, 5 & 16. This is because most booleans can all be treated as coils for communications needs, and all other data is mapped to "Registers", which are 16 bit integers that may be used as unsigned, signed, bit, or even several "Registers" combined together to create floating point (2 registers for a 32-bit real variable), and 2 bytes per register to store string data.

Modbus operates in 2 character framing styles:

ASCII Mode uses two ASCII characters to define the value of every byte. The ASCII character is the letter or number for the hex value of the four bits (half a byte), so it is always a 0-9 or A-F character. All ASCII messages start with a colon (:), end with an LRC (Longitudinal Redundancy Check) followed by CR/LF. The leading start of message (:), message structure, combination of only 26 legal characters (out of 128 possible), LRC & end of message (Carriage Return / Line Feed) provide a secure message structure, easy for simple drivers to manage.

RTU is more complex BUT uses 50% fewer characters per message. When using modem, radio or other interfaces this can be quite important. RTU uses the actual value of each byte without any encoding. Thus if the PLC address is 01, and the function code is 01, these are each expressed as a single byte, of value 01. As all characters are legal, there are NO start of message or end of message characters. One must assemble a message, transmit it, and recognise what the start of a valid response message will look like (i.e. if a message is sent to PLC Address #3, the starting character of any valid response will be a byte of decimal value 3). The next byte will be the function code the PLC is responding to, which must match the function code sent. With these two matched, the rest of the message can be accepted & decoded. As all values of the message bytes could be valid, the chance of bit damage going undetected is higher, so the protocol uses a CRC-16 to ensure data integrity.

Best place to find a wide range of Modbus message examples is PI–MBUS–300 (download from
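
The two framing styles described in the post above, as an added example that is not part of the original thread: one read-holding-registers request framed in ASCII and in RTU mode, with receivers that apply the start/end, LRC, CRC, address and function-code checks. The function names and the sample request values are assumptions chosen for illustration.

```python
import struct

def lrc(data: bytes) -> int:
    """ASCII-mode LRC: two's complement of the 8-bit sum of the raw bytes."""
    return (-sum(data)) & 0xFF

def crc16(data: bytes) -> int:
    """RTU-mode CRC-16: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_request(slave: int, function: int, address: int, count: int) -> bytes:
    """Address, function code, then two big-endian 16-bit fields."""
    return struct.pack(">BBHH", slave, function, address, count)

def to_ascii(body: bytes) -> bytes:
    """':' + two hex characters per byte (LRC included) + CR/LF."""
    return b":" + (body + bytes([lrc(body)])).hex().upper().encode() + b"\r\n"

def to_rtu(body: bytes) -> bytes:
    """Raw bytes followed by the CRC, low byte first."""
    return body + struct.pack("<H", crc16(body))

def parse_ascii(frame: bytes) -> bytes:
    """Return the message body, or raise ValueError on a malformed frame."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        raise ValueError("missing ':' or CR/LF")
    text = frame[1:-2]
    if len(text) < 6 or len(text) % 2 or any(c not in b"0123456789ABCDEF" for c in text):
        raise ValueError("bad length or non-hex character")
    raw = bytes.fromhex(text.decode())
    if lrc(raw[:-1]) != raw[-1]:
        raise ValueError("LRC mismatch")
    return raw[:-1]

def parse_rtu(frame: bytes, slave: int, function: int) -> bytes:
    """Accept a reply only if address, function code and CRC all match."""
    if len(frame) < 4 or frame[0] != slave or frame[1] != function:
        raise ValueError("unexpected address or function code")
    if crc16(frame[:-2]) != struct.unpack("<H", frame[-2:])[0]:
        raise ValueError("CRC mismatch")
    return frame[2:-2]

# Constructed sample: read 3 holding registers (function 03) from slave 0x11.
REQUEST = build_request(0x11, 0x03, 0x006B, 3)
```

The LRC and CRC catch line noise only: the frame carries no authentication, so any device that can write to the link can produce a frame that passes both checks.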