Simulator for Modbus slaves over RS232/RS485 and TCP/IP amongst other protocols.
Compiles with Visual C++ 6.0, VS 9.0 and runs on Windows 98/NT4/2000/XP and 95/Me, too.
This simulator was originally written to allow the testing of a MODBUS RTU serial driver without having to get 254 little MODBUS PLCs into one office. It has, however, grown and is still growing to support other protocols (open-mbus TCP/IP, Allen-Bradley DF1 slave+master) as well. It is not, by any means, a full implementation of the protocol(s) it supports; for Modbus I have all the commonly used functions and some advanced ones.
This project's own homepage is now www.plcsimulator.org.
This simulator actually originated while I was trying to write a stable socket wrapper of the Windows Sockets API, and the Texas Instruments TCP/IP protocol, but that is another story. It then was re-written for Modbus RTU, and I added TCP/IP according to the OpenMBUS spec. Next, I added Allen-Bradley DF1, and have a specialized modification of a DF1 MASTER, called JOY, which is highly specific.
This program was initially written over a few weekends, and now that I no longer work much with comms, it has become a labor of love. I still fix bugs if you explain them nicely. Although testing is difficult because I have no equipment, I even add features from time to time.
Modbus surpasses the limitations in other programs I have found in the past by:
- Allowing it to simulate more than one RTU at once.
- Allowing the editing and displaying of all the registers.
- Allowing the scanning of registers not actually in the display.
- Running on >1 comm ports. (You have to run two copies of the program.) You need to run the first copy; then, when you run it again, it defaults to use the next free RS-232 port.
- A way to disable just certain stations. (Is done now; just click on the boxes at the bottom.)
- Load and save values you type into each register (the file is saved in the same folder) as well as simulate changes in the values using scripting!
- A comm debugger screen (hotkey Ctrl+C).
- Show statuses for all stations, not just the first couple.
- Nothing really. I would have liked to have written this thing in a more generic fashion (time does not permit) to support as many protocols as I liked.
- Maybe MODBUS ASCII protocol support.
- Any suggestions, please send.
I'm pretty sure it does compile nicely. Linking is a bit hairy if you are missing the lib-file "mylib.lib". Please download it as a separate zip file below, and compile. Then, set the linker options appropriately to point to it. Not all of this code is production code, and as such is not fully tested. Use it at your own risk.
Code updates are available in my Sourceforge subversion repository.
svn co https://modrssim.svn.sourceforge.net/svnroot/modrssim modrssim
Modbus Compatibility Classes
To get a really high score when it comes to compatibility with different devices, you want lots of functionality, but minimal code—especially if RAM is limited.
Because the source for this project is open, I imagine it will get many bug-reports and fixes at low cost, and add stability as it ages.
|Class|Function code|Function|
|---|---|---|
|Class 0: the bare minimum|03 hex|Read Multiple Registers|
|Class 0: the bare minimum|10 hex|Write Multiple Registers|
|Class 1: ideal|01 hex|Read Coils|
|Class 1: ideal|02 hex|Read Inputs|
|Class 1: ideal|04 hex|Read Input Registers|
|Class 1: ideal|05 hex|Write Coil|
|Class 1: ideal|06 hex|Write Single Register|
|Class 1: ideal|07 hex|Read Exception Status|
|Class 2: almost overkill|0F hex|Force Multiple Coils|
|Class 2: almost overkill|16 hex|Mask-write Register|
|Class 2: almost overkill|17 hex|Read/Write Multiple Registers|
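How a simulated slave can validate a class 0 request (function 03 hex) arriving from an untrusted serial or TCP peer before it touches the register table, shown as an added example that is not taken from the simulator's source. The names `seal`, `make_exception` and `handle` are hypothetical; the CRC parameters, the 125-register limit and exception codes 01/02/03 follow the Modbus specification.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

using Frame = std::vector<uint8_t>;

// CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001.
uint16_t crc16(const uint8_t* p, size_t n) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; ++i) {
        crc ^= p[i];
        for (int b = 0; b < 8; ++b)
            crc = (crc & 1) ? (crc >> 1) ^ 0xA001 : crc >> 1;
    }
    return crc;
}

// Append the CRC, low byte first, as RTU framing requires.
Frame seal(Frame f) {
    uint16_t c = crc16(f.data(), f.size());
    f.push_back(c & 0xFF);
    f.push_back(c >> 8);
    return f;
}

// Exception response: function code with the high bit set, then the exception code.
Frame make_exception(uint8_t station, uint8_t fn, uint8_t code) {
    return seal({station, uint8_t(fn | 0x80), code});
}

// Handle one RTU request for a simulated station (hypothetical helper for this example).
// An empty frame means "stay silent", which is what a slave does with a damaged request.
Frame handle(const Frame& rq, uint8_t station, const std::vector<uint16_t>& regs) {
    if (rq.size() < 4) return {};                                    // too short to carry a CRC
    uint16_t rx = rq[rq.size() - 2] | (rq[rq.size() - 1] << 8);
    if (crc16(rq.data(), rq.size() - 2) != rx) return {};            // corrupt frame: no reply
    if (rq[0] != station) return {};                                 // addressed to another station
    if (rq[1] != 0x03) return make_exception(station, rq[1], 0x01);  // illegal function
    if (rq.size() != 8) return {};                                   // wrong length for function 03
    uint32_t start = (rq[2] << 8) | rq[3], qty = (rq[4] << 8) | rq[5];
    if (qty < 1 || qty > 125) return make_exception(station, 0x03, 0x03);       // illegal data value
    if (start + qty > regs.size()) return make_exception(station, 0x03, 0x02);  // illegal data address
    Frame rs{station, 0x03, uint8_t(qty * 2)};
    for (uint32_t i = start; i < start + qty; ++i) {
        rs.push_back(regs[i] >> 8);    // registers go out high byte first
        rs.push_back(regs[i] & 0xFF);
    }
    return seal(rs);
}
```

The range check on `start + qty` is done in 32 bits so that a request near address FFFF hex cannot wrap around and read outside the register table.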
There are 13 new classes and a dozen useful utility routines in here.
I am not going to give a full feature and User-Interface run-down because it has built-in/linked-in help; just press F1. Here are the basics, which most of us will get in five minutes anyway.
- Launch the app; it should open the first free RS-232 port. To select Ethernet, click in the drop-list to the right. Click on the "Port Settings..." button to change any settings. Settings are saved to the Registry.
- Hook up a cable (just a 2, 3, and 7 crossed; 4 and 5 looped; and 6, 8, and 20 looped should be fine; hardware handshaking is not my strong side). A diagram is in the help file.
- Click on Animation Settings... to change the color of the cute indicators at the bottom, and set up some simple simulation data changes.
- The cute boxes at the bottom work like indicators to show which stations are active; the gray outline of each box will change color (they turn off after five seconds), and clicking them disables each station (only 60 are shown at once; please scroll). The green background turns red to show disabled.
- Double-click on the list-view over a register to edit its value. Double-clicking a digital I/O just toggles it.
- Zero values will clear all values (also, the digitals become 0).
- Load will not work unless you have saved first.
- Save will save all the register values to a flat binary file (don't edit it; I can't) called 'modbus.dat', in the current folder. This is nice to allow you to fill the registers with values, and then come back later to the same setup. If you use different file versions or sizes, you will have a big problem, so do not bother me with this. Create a fix for it and mail the code to me.
- Switch between the Hex and Decimal views. (Addresses also come in hex; this is just me fiddling.)
- New option for starting with all devices offline added (by request).
- Report any problems only after trying for at least a day to figure out what you got wrong because this program does work!
- The program has a demo mode. Just post on the article forum below, or send a message, and I will send you a free unlock code.
In the words of Paul DiLascia: If this code works, it was written by Conrad Braam. If not, I don't know who wrote it.
I get lots of people asking, How do I select TCP/IP? Well, that is easy; find the drop-list control near the right, and pick TCP/IP from that. All toolbar buttons change their functions as a result.
See also the project website: www.plcsimulator.org