[网关开发] 西门子 S7 通信协议概述1
科控物联
发布于 2023-09-01 00:08:04
发布于 2023-09-01 00:08:04
代码可运行
运行总次数:0
代码可运行
如果 S7 是一辆汽车,它可能看起来像这样:
据我所知,S7协议没有公开的文档,但是有一些值得注意的项目可以帮助处理它。Davide Nardella创建了一个出色的开源通信库Snap7,它实现了基本的通信场景。该库附带了有关 S7 协议基本结构的大量文档。另一个伟大的项目是Thomas W.的S7 Wireshark剖析器,它涵盖了大部分协议,其源代码包含一长串协议常量。在我使用西门子设备的这些年里,这些对我来说是无价的。由于没有官方文档,因此在涉及S7协议时不存在官方术语。在本文档的其余部分,我尽量遵守上述项目中使用的术语。
1. 西门子通信场景
在介绍更多技术细节之前,我想简要介绍一下基本的西门子通信影院。当我谈论“S7协议”时,我指的是以太网S7通信,主要用于将PLC连接到(I)PC站(PG / PC - PLC通信)。这不应与西门子设备使用的不同现场总线协议混淆,例如MPI,Profibus,IE和Profinet(这是一种基于以太网的协议,用于将PLC连接到IO模块,而不是设备的管理协议)。
大多数情况下,西门子通信遵循传统的主-从或客户端-服务器模型,其中PC(主/客户端)向现场设备(从/服务器)发送S7请求。这些请求用于从设备查询或向设备发送数据或发出某些命令。当PLC可以作为通信主机时,有一些例外,使用FB14 / FB15,设备可以向其他设备发起GET和PUT请求。
在S400系列中,实现了所谓的循环数据I / O功能,这类似于传统的发布者 - 订阅者模型。PC可以订阅某些事件,而不是PLC定期将请求的数据推送到网络。还有一个合作伙伴或对等模型,当主动合作伙伴请求连接并调用块发送,同时被动合作伙伴调用块接收方法时。
有关 S7 通信的一般概述的更多信息,请参阅西门子 Simatic Net 和 Snap7 文档。
2. S7 PDU
S7 协议 TCP/IP 实现依赖于面向块的 ISO 传输服务。S7协议包装在TPKT和ISO-COTP协议中,允许PDU(协议数据单元)通过TCP传输。TCP 通信上的 ISO 在 RFC1006 中定义,ISO-COTP 在基于 ISO 2126 协议 (RFC8073) 的 RFC905 中定义。下图显示了此结构。
S7协议是面向功能/命令的,这意味着传输由S7请求和适当的回复组成(极少数例外)。并行传输的数量和 PDU 的最大长度在连接设置期间协商。
S7 PDU 由三个主要部分组成:
- 标头:包含长度信息、PDU 引用和消息类型常量
- 参数:内容和结构因PDU的消息和功能类型而异
- 数据:如果有的话,携带数据是一个可选字段,例如内存值、块代码、固件数据......等。
2.1 标题
标头长度为 10-12 字节,确认消息包含两个额外的错误代码字节。除此之外,标头格式在所有 PDU 中都是一致的。
Fields:
协议 ID:[1b] 协议常量始终设置为 0x32
消息类型:[1b] 消息的一般类型(有时称为 ROSCTR 类型)
- 0x01作业请求:由主站发送的请求(例如读/写存储器、读/写块、启动/停止设备、设置通信)
- 0x02-Ack:由没有数据字段的从站发送的简单确认(我从未见过S300 / S400设备发送)
- 0x03-Ack-Data:带有可选数据字段的确认,包含对作业请求的回复
- 0x07-Userdata:原始协议的扩展,参数字段包含请求/响应ID,(用于编程/调试,SZL读取,安全功能,时间设置,循环读取。
- 保留:[2b] 始终设置为 0x0000(但可能被忽略)
- PDU参考:[2b]由主站生成,随着每次新传输而递增,用于链接响应他们的请求,小端序(注意:这是WinCC,Step7和其他西门子程序的行为,它可能是随机生成的,PLC只是将其复制到回复中)
- 参数长度:[2b] 参数字段的长度,大端序
- 数据长度:[2b] 数据字段的长度,大端序
- (错误类):[1b] 仅存在于 Ack-Data 消息中,可能的错误常量列在常量中.txt
##
# Most of this is extracted from s7comm
# wireshark dissector plugin sources
# created by Thomas Wiens <th.wiens[AT]gmx.de>
# Date: 2016-15-03
# Author: Gyorgy Miru
# Version: 0.2
##
#Protocol ID:
0x32 - Protocol ID
#Message Types:
0x01 - Job Request
0x02 - Ack
0x03 - Ack-Data
0x07 - Userdata
#Header Error Class:
0x00 - No error
0x81 - Application relationship error
0x82 - Object definition error
0x83 - No ressources available error
0x84 - Error on service processing
0x85 - Error on supplies
0x87 - Access error
#Header Error Codes: (Further refines error)
#Parameter Error Codes:
0x0000 - No error
0x0110 - Invalid block type number
0x0112 - Invalid parameter
0x011A - PG ressource error
0x011B - PLC ressource error
0x011C - Protocol error
0x011F - User buffer too short
0x0141 - Request error
0x01C0 - Version mismatch
0x01F0 - Not implemented
0x8001 - L7 invalid CPU state
0x8500 - L7 PDU size error
0xD401 - L7 invalid SZL ID
0xD402 - L7 invalid index
0xD403 - L7 DGS Connection already announced
0xD404 - L7 Max user NB
0xD405 - L7 DGS function parameter syntax error
0xD406 - L7 no info
0xD601 - L7 PRT function parameter syntax error
0xD801 - L7 invalid variable address
0xD802 - L7 unknown request
0xD803 - L7 invalid request status
#Return value of item response
0x00 - Reserved
0x01 - Hardware fault
0x03 - Accessing the object not allowed
0x05 - Address out of range
0x06 - Data type not supported
0x07 - Data type inconsistent
0x0a - Object does not exist
0xff - Success
#Job Request/Ack-Data function codes
0x00 - CPU services
0xF0 - Setup communication
0x04 - Read Variable
0x05 - Write Variable
0x1A - Request download
0x1B - Download block
0x1C - Download ended
0x1D - Start upload
0x1E - Upload
0x1F - End upload
0x28 - PLC Control
0x29 - PLC Stop
#Memory Areas
0x03 - System info of S200 family
0x05 - System flags of S200 family
0x06 - Analog inputs of S200 family
0x07 - Analog outputs of S200 family
0x1C - S7 counters (C)
0x1D - S7 timers (T)
0x1E - IEC counters (200 family)
0x1F - IEC timers (200 family)
0x80 - Direct peripheral access (P)
0x81 - Inputs (I)
0x82 - Outputs (Q)
0x83 - Flags (M) (Merker)
0x84 - Data blocks (DB)
0x85 - Instance data blocks (DI)
0x86 - Local data (L)
0x87 - Unknown yet (V)
#Transport size (variable Type) in Item data
0x01 - BIT
0x02 - BYTE
0x03 - CHAR
0x04 - WORD
0x05 - INT
0x06 - DWORD
0x07 - DINT
0x08 - REAL
0x09 - DATE
0x0A - TOD
0x0B - TIME
0x0C - S5TIME
0x0F - DATE AND TIME
0x1C - COUNTER
0x1D - TIMER
0x1E - IEC TIMER
0x1F - IEC COUNTER
0x20 - HS COUNTER
#Variable ddressing mode
0x10 - S7-Any pointer (regular addressing) memory+variable length+offset
0xa2 - Drive-ES-Any seen on Drive ES Starter with routing over S7
0xb2 - S1200/S1500? Symbolic addressing mode
0xb0 - Special DB addressing for S400 (subitem read/write)
#Transport size in data
0x00 - NULL
0x03 - BIT
0x04 - BYTE/WORD/DWORD
0x05 - INTEGER
0x07 - REAL
0x09 - OCTET STRING
#Block type constants
'08' - OB
'0A' - DB
'0B' - SDB
'0C' - FC
'0D' - SFC
'0E' - FB
'0F' - SFB
#Sub block types
0x08 - OB
0x0a - DB
0x0b - SDB
0x0c - FC
0x0d - SFC
0x0e - FB
0x0f - SFB
#Block security mode
0 - None
3 - Kow How Protect
#Block Language
0x00 - Not defined
0x01 - AWL
0x02 - KOP
0x03 - FUP
0x04 - SCL
0x05 - DB
0x06 - GRAPH
0x07 - SDB
0x08 - CPU-DB DB was created from Plc programm (CREAT_DB)
0x11 - SDB (after overall reset) another SDB, don't know what it means, in SDB 1 and SDB 2, uncertain
0x12 - SDB (Routing) another SDB, in SDB 999 and SDB 1000 (routing information), uncertain
0x29 - ENCRYPT block is encrypted (encoded?) with S7-Block-Privacy
#Userdata transmission type
0x0 - Push cyclic data push by the PLC
0x4 - Request by the master
0x8 - Response by the slave
#Userdata last PDU
0x00 - Yes
0x01 - No
#Userdata Functions
0x1 - Programmer commands
0x2 - Cyclic data
0x3 - Block functions
0x4 - CPU functions
0x5 - Security
0x7 - Time functions
#Variable table type of data
0x14 - Request
0x04 - Response
#VAT area and length type
0x01 - MB
0x02 - MW
0x03 - MD
0x11 - IB
0x12 - IW
0x13 - ID
0x21 - QB
0x22 - QW
0x23 - QD
0x31 - PIB
0x32 - PIW
0x33 - PID
0x71 - DBB
0x72 - DBW
0x73 - DBD
0x54 - TIMER
0x64 - COUNTER
#Userdata programmer subfunctions
0x01 - Request diag data (Type 1)
0x02 - VarTab
0x0c - Erase
0x0e - Read diag data
0x0f - Remove diag data
0x10 - Forces
0x13 - Request diag data (Type2)
#Userdata cyclic data subfunctions
0x01 - Memory
0x04 - Unsubscribe
#Userdata block subfunctions
0x01 - List blocks
0x02 - List blocks of type
0x03 - Get block info
#Userdata CPU subfunctions
0x01 - Read SZL
0x02 - Message service
0x03 - Transition to stop
0x0b - Alarm was acknowledged in HMI/SCADA 1
0x0c - Alarm was acknowledged in HMI/SCADA 2
0x11 - PLC is indicating a ALARM message
0x13 - HMI/SCADA initiating ALARM subscription
#Userdata security subfunctions
0x01 - PLC password
#Userdata time subfunctions
0x01 - Read clock
0x02 - Set clock
0x03 - Read clock (following)
0x04 - Set clock
#Flags for LID access
0x2 - Encapsulated LID
0x3 - Encapsulated Index
0x4 - Obtain by LID
0x5 - Obtain by Index
0x6 - Part Start Address
0x7 - Part Length
#TIA 1200 area names
0x8a0e - DB
0x0000 - IQMCT
0x50 - Inputs (I)
0x51 - Outputs (Q)
0x52 - Flags (M)
0x53 - Counter (C)
0x54 - Timer (T)
- (错误代码):[1b] 仅存在于 Ack-Data 消息中,可能的错误常量列在常量中.txt
##
# Most of this is extracted from s7comm
# wireshark dissector plugin sources
# created by Thomas Wiens <th.wiens[AT]gmx.de>
# Date: 2016-15-03
# Author: Gyorgy Miru
# Version: 0.2
##
#Protocol ID:
0x32 - Protocol ID
#Message Types:
0x01 - Job Request
0x02 - Ack
0x03 - Ack-Data
0x07 - Userdata
#Header Error Class:
0x00 - No error
0x81 - Application relationship error
0x82 - Object definition error
0x83 - No ressources available error
0x84 - Error on service processing
0x85 - Error on supplies
0x87 - Access error
#Header Error Codes: (Further refines error)
#Parameter Error Codes:
0x0000 - No error
0x0110 - Invalid block type number
0x0112 - Invalid parameter
0x011A - PG ressource error
0x011B - PLC ressource error
0x011C - Protocol error
0x011F - User buffer too short
0x0141 - Request error
0x01C0 - Version mismatch
0x01F0 - Not implemented
0x8001 - L7 invalid CPU state
0x8500 - L7 PDU size error
0xD401 - L7 invalid SZL ID
0xD402 - L7 invalid index
0xD403 - L7 DGS Connection already announced
0xD404 - L7 Max user NB
0xD405 - L7 DGS function parameter syntax error
0xD406 - L7 no info
0xD601 - L7 PRT function parameter syntax error
0xD801 - L7 invalid variable address
0xD802 - L7 unknown request
0xD803 - L7 invalid request status
#Return value of item response
0x00 - Reserved
0x01 - Hardware fault
0x03 - Accessing the object not allowed
0x05 - Address out of range
0x06 - Data type not supported
0x07 - Data type inconsistent
0x0a - Object does not exist
0xff - Success
#Job Request/Ack-Data function codes
0x00 - CPU services
0xF0 - Setup communication
0x04 - Read Variable
0x05 - Write Variable
0x1A - Request download
0x1B - Download block
0x1C - Download ended
0x1D - Start upload
0x1E - Upload
0x1F - End upload
0x28 - PLC Control
0x29 - PLC Stop
#Memory Areas
0x03 - System info of S200 family
0x05 - System flags of S200 family
0x06 - Analog inputs of S200 family
0x07 - Analog outputs of S200 family
0x1C - S7 counters (C)
0x1D - S7 timers (T)
0x1E - IEC counters (200 family)
0x1F - IEC timers (200 family)
0x80 - Direct peripheral access (P)
0x81 - Inputs (I)
0x82 - Outputs (Q)
0x83 - Flags (M) (Merker)
0x84 - Data blocks (DB)
0x85 - Instance data blocks (DI)
0x86 - Local data (L)
0x87 - Unknown yet (V)
#Transport size (variable Type) in Item data
0x01 - BIT
0x02 - BYTE
0x03 - CHAR
0x04 - WORD
0x05 - INT
0x06 - DWORD
0x07 - DINT
0x08 - REAL
0x09 - DATE
0x0A - TOD
0x0B - TIME
0x0C - S5TIME
0x0F - DATE AND TIME
0x1C - COUNTER
0x1D - TIMER
0x1E - IEC TIMER
0x1F - IEC COUNTER
0x20 - HS COUNTER
#Variable ddressing mode
0x10 - S7-Any pointer (regular addressing) memory+variable length+offset
0xa2 - Drive-ES-Any seen on Drive ES Starter with routing over S7
0xb2 - S1200/S1500? Symbolic addressing mode
0xb0 - Special DB addressing for S400 (subitem read/write)
#Transport size in data
0x00 - NULL
0x03 - BIT
0x04 - BYTE/WORD/DWORD
0x05 - INTEGER
0x07 - REAL
0x09 - OCTET STRING
#Block type constants
'08' - OB
'0A' - DB
'0B' - SDB
'0C' - FC
'0D' - SFC
'0E' - FB
'0F' - SFB
#Sub block types
0x08 - OB
0x0a - DB
0x0b - SDB
0x0c - FC
0x0d - SFC
0x0e - FB
0x0f - SFB
#Block security mode
0 - None
3 - Kow How Protect
#Block Language
0x00 - Not defined
0x01 - AWL
0x02 - KOP
0x03 - FUP
0x04 - SCL
0x05 - DB
0x06 - GRAPH
0x07 - SDB
0x08 - CPU-DB DB was created from Plc programm (CREAT_DB)
0x11 - SDB (after overall reset) another SDB, don't know what it means, in SDB 1 and SDB 2, uncertain
0x12 - SDB (Routing) another SDB, in SDB 999 and SDB 1000 (routing information), uncertain
0x29 - ENCRYPT block is encrypted (encoded?) with S7-Block-Privacy
#Userdata transmission type
0x0 - Push cyclic data push by the PLC
0x4 - Request by the master
0x8 - Response by the slave
#Userdata last PDU
0x00 - Yes
0x01 - No
#Userdata Functions
0x1 - Programmer commands
0x2 - Cyclic data
0x3 - Block functions
0x4 - CPU functions
0x5 - Security
0x7 - Time functions
#Variable table type of data
0x14 - Request
0x04 - Response
#VAT area and length type
0x01 - MB
0x02 - MW
0x03 - MD
0x11 - IB
0x12 - IW
0x13 - ID
0x21 - QB
0x22 - QW
0x23 - QD
0x31 - PIB
0x32 - PIW
0x33 - PID
0x71 - DBB
0x72 - DBW
0x73 - DBD
0x54 - TIMER
0x64 - COUNTER
#Userdata programmer subfunctions
0x01 - Request diag data (Type 1)
0x02 - VarTab
0x0c - Erase
0x0e - Read diag data
0x0f - Remove diag data
0x10 - Forces
0x13 - Request diag data (Type2)
#Userdata cyclic data subfunctions
0x01 - Memory
0x04 - Unsubscribe
#Userdata block subfunctions
0x01 - List blocks
0x02 - List blocks of type
0x03 - Get block info
#Userdata CPU subfunctions
0x01 - Read SZL
0x02 - Message service
0x03 - Transition to stop
0x0b - Alarm was acknowledged in HMI/SCADA 1
0x0c - Alarm was acknowledged in HMI/SCADA 2
0x11 - PLC is indicating a ALARM message
0x13 - HMI/SCADA initiating ALARM subscription
#Userdata security subfunctions
0x01 - PLC password
#Userdata time subfunctions
0x01 - Read clock
0x02 - Set clock
0x03 - Read clock (following)
0x04 - Set clock
#Flags for LID access
0x2 - Encapsulated LID
0x3 - Encapsulated Index
0x4 - Obtain by LID
0x5 - Obtain by Index
0x6 - Part Start Address
0x7 - Part Length
#TIA 1200 area names
0x8a0e - DB
0x0000 - IQMCT
0x50 - Inputs (I)
0x51 - Outputs (Q)
0x52 - Flags (M)
0x53 - Counter (C)
0x54 - Timer (T)
消息的其余部分在很大程度上取决于消息类型和函数代码,
##
# Most of this is extracted from s7comm
# wireshark dissector plugin sources
# created by Thomas Wiens <th.wiens[AT]gmx.de>
# Date: 2016-15-03
# Author: Gyorgy Miru
# Version: 0.2
##
#Protocol ID:
0x32 - Protocol ID
#Message Types:
0x01 - Job Request
0x02 - Ack
0x03 - Ack-Data
0x07 - Userdata
#Header Error Class:
0x00 - No error
0x81 - Application relationship error
0x82 - Object definition error
0x83 - No ressources available error
0x84 - Error on service processing
0x85 - Error on supplies
0x87 - Access error
#Header Error Codes: (Further refines error)
#Parameter Error Codes:
0x0000 - No error
0x0110 - Invalid block type number
0x0112 - Invalid parameter
0x011A - PG ressource error
0x011B - PLC ressource error
0x011C - Protocol error
0x011F - User buffer too short
0x0141 - Request error
0x01C0 - Version mismatch
0x01F0 - Not implemented
0x8001 - L7 invalid CPU state
0x8500 - L7 PDU size error
0xD401 - L7 invalid SZL ID
0xD402 - L7 invalid index
0xD403 - L7 DGS Connection already announced
0xD404 - L7 Max user NB
0xD405 - L7 DGS function parameter syntax error
0xD406 - L7 no info
0xD601 - L7 PRT function parameter syntax error
0xD801 - L7 invalid variable address
0xD802 - L7 unknown request
0xD803 - L7 invalid request status
#Return value of item response
0x00 - Reserved
0x01 - Hardware fault
0x03 - Accessing the object not allowed
0x05 - Address out of range
0x06 - Data type not supported
0x07 - Data type inconsistent
0x0a - Object does not exist
0xff - Success
#Job Request/Ack-Data function codes
0x00 - CPU services
0xF0 - Setup communication
0x04 - Read Variable
0x05 - Write Variable
0x1A - Request download
0x1B - Download block
0x1C - Download ended
0x1D - Start upload
0x1E - Upload
0x1F - End upload
0x28 - PLC Control
0x29 - PLC Stop
#Memory Areas
0x03 - System info of S200 family
0x05 - System flags of S200 family
0x06 - Analog inputs of S200 family
0x07 - Analog outputs of S200 family
0x1C - S7 counters (C)
0x1D - S7 timers (T)
0x1E - IEC counters (200 family)
0x1F - IEC timers (200 family)
0x80 - Direct peripheral access (P)
0x81 - Inputs (I)
0x82 - Outputs (Q)
0x83 - Flags (M) (Merker)
0x84 - Data blocks (DB)
0x85 - Instance data blocks (DI)
0x86 - Local data (L)
0x87 - Unknown yet (V)
#Transport size (variable Type) in Item data
0x01 - BIT
0x02 - BYTE
0x03 - CHAR
0x04 - WORD
0x05 - INT
0x06 - DWORD
0x07 - DINT
0x08 - REAL
0x09 - DATE
0x0A - TOD
0x0B - TIME
0x0C - S5TIME
0x0F - DATE AND TIME
0x1C - COUNTER
0x1D - TIMER
0x1E - IEC TIMER
0x1F - IEC COUNTER
0x20 - HS COUNTER
#Variable ddressing mode
0x10 - S7-Any pointer (regular addressing) memory+variable length+offset
0xa2 - Drive-ES-Any seen on Drive ES Starter with routing over S7
0xb2 - S1200/S1500? Symbolic addressing mode
0xb0 - Special DB addressing for S400 (subitem read/write)
#Transport size in data
0x00 - NULL
0x03 - BIT
0x04 - BYTE/WORD/DWORD
0x05 - INTEGER
0x07 - REAL
0x09 - OCTET STRING
#Block type constants
'08' - OB
'0A' - DB
'0B' - SDB
'0C' - FC
'0D' - SFC
'0E' - FB
'0F' - SFB
#Sub block types
0x08 - OB
0x0a - DB
0x0b - SDB
0x0c - FC
0x0d - SFC
0x0e - FB
0x0f - SFB
#Block security mode
0 - None
3 - Kow How Protect
#Block Language
0x00 - Not defined
0x01 - AWL
0x02 - KOP
0x03 - FUP
0x04 - SCL
0x05 - DB
0x06 - GRAPH
0x07 - SDB
0x08 - CPU-DB DB was created from Plc programm (CREAT_DB)
0x11 - SDB (after overall reset) another SDB, don't know what it means, in SDB 1 and SDB 2, uncertain
0x12 - SDB (Routing) another SDB, in SDB 999 and SDB 1000 (routing information), uncertain
0x29 - ENCRYPT block is encrypted (encoded?) with S7-Block-Privacy
#Userdata transmission type
0x0 - Push cyclic data push by the PLC
0x4 - Request by the master
0x8 - Response by the slave
#Userdata last PDU
0x00 - Yes
0x01 - No
#Userdata Functions
0x1 - Programmer commands
0x2 - Cyclic data
0x3 - Block functions
0x4 - CPU functions
0x5 - Security
0x7 - Time functions
#Variable table type of data
0x14 - Request
0x04 - Response
#VAT area and length type
0x01 - MB
0x02 - MW
0x03 - MD
0x11 - IB
0x12 - IW
0x13 - ID
0x21 - QB
0x22 - QW
0x23 - QD
0x31 - PIB
0x32 - PIW
0x33 - PID
0x71 - DBB
0x72 - DBW
0x73 - DBD
0x54 - TIMER
0x64 - COUNTER
#Userdata programmer subfunctions
0x01 - Request diag data (Type 1)
0x02 - VarTab
0x0c - Erase
0x0e - Read diag data
0x0f - Remove diag data
0x10 - Forces
0x13 - Request diag data (Type2)
#Userdata cyclic data subfunctions
0x01 - Memory
0x04 - Unsubscribe
#Userdata block subfunctions
0x01 - List blocks
0x02 - List blocks of type
0x03 - Get block info
#Userdata CPU subfunctions
0x01 - Read SZL
0x02 - Message service
0x03 - Transition to stop
0x0b - Alarm was acknowledged in HMI/SCADA 1
0x0c - Alarm was acknowledged in HMI/SCADA 2
0x11 - PLC is indicating a ALARM message
0x13 - HMI/SCADA initiating ALARM subscription
#Userdata security subfunctions
0x01 - PLC password
#Userdata time subfunctions
0x01 - Read clock
0x02 - Set clock
0x03 - Read clock (following)
0x04 - Set clock
#Flags for LID access
0x2 - Encapsulated LID
0x3 - Encapsulated Index
0x4 - Obtain by LID
0x5 - Obtain by Index
0x6 - Part Start Address
0x7 - Part Length
#TIA 1200 area names
0x8a0e - DB
0x0000 - IQMCT
0x50 - Inputs (I)
0x51 - Outputs (Q)
0x52 - Flags (M)
0x53 - Counter (C)
0x54 - Timer (T)
本文参与 腾讯云自媒体同步曝光计划,分享自微信公众号。
原始发表:2023-07-30,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
暂无评论
推荐阅读
![[ffffffff0x] 工控协议:S7COMM协议分析(下)](https://ask.qcloudimg.com/article-cover-image/4377213/shanyyf722.jpg)
![[网关开发] 西门子 S7 通信协议概述2](https://developer.qcloudimg.com/http-save/yehe-8197675/86bd9fa5935dcb5dff156ffed4793895.jpg)
![[ffffffff0x] 工控协议:S7COMM协议分析(上)](https://ask.qcloudimg.com/article-cover-image/4377213/fsadypask1.jpg)
![Modbus TCP 入门学习[通俗易懂]](https://ask.qcloudimg.com/http-save/yehe-8223537/e237dde84fa7dae06cf0daa6b3cfb473.png)
推荐阅读
相关推荐
S7Comm报文详解
更多 >
腾讯云开发者
