This example is based on the PLC bus protocol analysis function of BCNet-CP/CJ-S. When the PLC register address or point table data cannot be obtained, it can detect the data points of the HMI touch screen, and combine the panel information of the touch screen to analyze the current Important point table information for PLC.
BCNet-CP/CJ-S is an economical Ethernet communication processor, which is designed to meet the increasing demands of factory equipment informatization (equipment network monitoring and production management). It is used in Omron CP1L/CP1E/CP1H / The Ethernet data acquisition of CJ1M/CJ2M/CS1/CG1/CV/NX1P series PLC is very convenient to build a production management system. The module integrates WiFi function, supports AP mode, STA mode and AP+STA mode, which is very convenient to build a WiFi network, and perform PLC programming and data collection directly through WiFi.
BCNet-CP/CJ-S adopts a modular design and does not occupy the PLC communication port, that is, while the programming software/host computer software monitors the PLC data through Ethernet, the touch screen can communicate with the PLC through the multiplexing interface. BCNet-CP/CJ-S supports the vast majority of SCADA software in the field of industrial control, and supports Omron Ethernet protocol and Modbus TCP master-slave communication mode.
hardware connection
- As shown in the figure, the original system is a touch screen connected to the DB9 serial port of CP1H. Now without changing the original system, the BCNet-CP/CJ-S module has been added to realize Ethernet data acquisition, PLC programming and different PLCs. data exchange function.
Probe touch screen and PLC point table
There are 4 variables on the current touch screen, “Qualified Products”, “Defective Products”, “Total Pieces” and “Start Unloading”, and the connected device is CP1H-X40DT-D.
Run “BCDeviceV1031.exe”, find the BCNet-CP/CJ-S module, and click “Device Operation Diagnosis”;
In the equipment operation diagnosis, you can check the current serial bus (PLC) and expansion bus (HMI) operation status, and click the “Point meter detection” button;
Enter “BCNet888” in the pop-up authorization authentication window to enter the bus analysis (point meter detection) interface, as shown in the figure below;
①It can be seen from the touch screen panel that unsigned integer 32-bit data is selected, and various analysis types such as “unsigned integer 32-bit”, “signed integer 32-bit” are provided, and “unsigned integer 32-bit” is selected here;
②The site information prompt is “HMI reads PLC”, indicating that the current touch screen communicates through the module, that is, through the BCNet-CP/CJ-S transfer mode;
③ It can be seen that the current data streams “18”, “12885” and “12903” correspond to “DM120~121”, “DM100~101” and “DM50~51” respectively. Through the touch screen panel information, it can be seen that “DM120~121” corresponds to “bad” “Number of products”, “DM50~51” corresponds to “Number of qualified products”, “DM100~101” corresponds to “Number of total pieces”;
④The current list can be exported as an Excel file for further editing and processing;
Set the “start feeding” button on the touch screen. The BCDevice tool can detect the current HMI’s setting behavior to the “CIO101.5” of the PLC. It can be analyzed that the corresponding point of “start feeding” is: “CIO101.5”;
Through the PLC bus protocol analysis function of BCNet-CP/CJ-S, the current Omron PLC data flow can be analyzed, and the current reading behavior and writing behavior of the touch screen can be detected. Combined with the panel information of the touch screen, the PLC can be obtained. Important point table information. When PLC program encryption, touch screen program encryption, etc. cannot know the PLC point table information, this module detects the PLC important point table information, which provides convenience and economy for the implementation of the information acquisition scheme.