How to get Modbus slave legal adresses (Modbus TCP)?


Thread Starter


Hi all,

I searched the web and the forums here but didn't find the answer to my question, may have missed it, sorry if so.

Context is OpenModbus on TCP/IP.

I'm programming a 16 analog channels acquisition device. This device provides a Modbus server and a list of pre-programmed functions to interact with it (a sort of API).

For example:

A function 'modbus_call_MSXE301x__AnalogInputGetAutoRefreshValues' is encapsulating the call to 'modbus_send_FC3_query' function corresponding to the read multiple registers Modbus function, with the pre-programmed registers dedicated to store input channels values. In my case starting register is 100.

When I use this function, it works just fine and I get the values of each of my analog input channels.

What I want to do for the needs of my programming is, in addition of using the preprogrammed functions, read 2 Modbus registers (set by another device on the modbus slave) and set 3 Modbus registers (which will be read by the other device). All I want to store in these registers is unsigned integer values (16 bits will fit).

How can I know which registers are allowable/readable other than the ones referenced by the device documentation for pre-programmed functions?

Thanks forward for your help, I hope I was clear enough for this to be understandable.

Have a nice day :)


The short answer is that you can't. Each device has a memory map onboard that is setup by the manufacturer. They generally provide this map with the device documentation. Any register that is not documented as available for read/write functions will be reserved for internal use. The only way you can figure out if any of those off grid registers are useful is to try and read/write to each of them and hope that you don't destroy the devices functions in the process. This kind of trial and error is hazy at best and never guaranteed. I advise against it.