The syntax of the S7 memory addresses and the legal ranges for each of the supported PLCs are as follows:
The syntax for memory addresses takes one of 3 forms:
- [Area][Byte Address].[Bit Index]
- [Area][Data Size: B, W or D][Starting Byte Address]
- [Data Block Number DBx].DB[Data Size: B, W, X, or D][Starting Byte Address]
| Memory Area | Area Prefix | Notes |
|---|---|---|
| Input | E (or I) | |
| Output | A (or Q) | |
| Memory | M | |
| Special Memory | S | S7-200 ONLY |
| Variable Storage | V | S7-200 ONLY |
| Timer | T | |
| Counter | Z (or C) | |
| Data Blocks | DBx DBy | |
| Peripheral Input | PE (or PI) | |
| Peripheral Output | PA (or PQ) | |
| Analog Input | AE (or AI) | S7-200 ONLY |
| Analog Output | AA (or AQ) | S7-200 ONLY |
| Local | L | |
| Flags | F | Not supported in S7-200 |
Notes and Examples:
The "PLC Type" selection on the Options tab is used only to determine what types of addresses the driver allows us to request, remembering that the driver really only differentiates between S7 200 & all other S7 types.
Typically, most information is read from and written to data blocks (type DB). These are the individual memory areas in the PLC that represent variables of the individual function block instances in the PLC program, along with the global data for the program.
Addresses of DB type values in the PLC will follow the format of the PLC program with which VTScada is communicating. Note that the addressing format for accessing both global data blocks and instance data blocks is the same with only the data block number and location within that block changing.
To access a variable within a data block, you must know a minimum of three things about it:
- The data block number.
- The data type of the variable within the data block.
- The starting byte number within the data block for the variable you want to access.
Putting these three elements together, the format of a data block address becomes:
DBx.DByz
Where:
- x is the data block number
- y is the data type and may be one of the following four values:
- X – bit
- B – unsigned byte
- W – unsigned word (2 bytes)
- D – unsigned double word (4 bytes)
- z is the starting byte number for the variable within the block. The starting byte number can be determined using the manufacturers supplied PLC programming software to examine the contents of the data blocks.
For example, if you have a data block #440 with a integer value that starts at the first byte of the block, you would address this variable as:
DB440.DBW0
For a double word starting at byte 23 in the same block, you would use:
DB440.DBD23
Alternatively, if you have a floating point value located at byte 45 of data block #10, you can address this as:
DB10.DBD45/FLOAT
Note that in this case VTScada will initially read the data as a double word (DBD45) and then convert it to a float using the /FLOAT qualifier.
This same methodology can also be used to change the unsigned short and long integers read from the PLC into signed using the qualifiers /SWORD and /SDWORD respectively. For example, to read a signed short integer from block #5 starting at byte #21, use address:
DB5.DBW21/SWORD
When reading bit data types, an additional address component to specify the bit number must also be added to the address in the form:
DBx.DBXz.b
Where b defines the bit number to read from byte z.
For example, to read bit 5 from byte 41 of data block 109, use address:
DB109.DBX41.5
