Configure holding registers (40001–49999), set INT16, FLOAT32, and DWORD values, and test FC03 reads and FC16 writes — without real hardware. Free 30-day trial.
No registration · No credit card · Windows 10/11
Holding registers (data model prefix 4x) are the most versatile register type in Modbus. They are 16-bit, read-write registers accessible via three function codes: FC03 (read), FC06 (write single), FC16 (write multiple). Engineers use them to store setpoints, analog output values, configuration parameters, and any value that needs to be both read and written by the master.
A Modbus holding register simulator lets you define register values in software — so you can test a SCADA system, PLC program, or HMI application against a simulated device before the real hardware is available.
| Type | Prefix | 1-based Range | 0-based PDU Range | Read FC | Write FC | Access |
|---|---|---|---|---|---|---|
| Coils | 0x | 00001–09999 | 0–9998 | FC01 | FC05, FC15 | Read/Write |
| Discrete Inputs | 1x | 10001–19999 | 0–9998 | FC02 | — | Read-only |
| Input Registers | 3x | 30001–39999 | 0–9998 | FC04 | — | Read-only |
| Holding Registers | 4x | 40001–49999 | 0–9998 | FC03 | FC06, FC16 | Read/Write |
Set any value in registers 40001–65535. Use the grid editor to enter values individually, paste from a spreadsheet, or import from a CSV register map. Changes take effect instantly — the next master read gets the updated value.
Display and set values as signed/unsigned 16-bit integers, 32-bit integers spanning two registers, IEEE 754 float32 across two registers, or raw hex. Choose the data type per register block to match your device's register map.
32-bit values spanning two registers have four possible byte orderings: ABCD (Big Endian), DCBA (Little Endian), BADC (Mid-Big), CDAB (Mid-Little). Select the one matching your device spec — critical for energy meters and VFD drives.
Your SCADA or PLC sends FC16 write requests to the simulator. The new values appear instantly in the register grid. Use this to validate that your master is sending the correct register addresses, data types, and values before deploying to production.
Every read and write is logged with timestamp, function code, starting address, register count, and values. Instantly see if your master is requesting the right address range, and verify writes arrived correctly.
Have a device datasheet with a register map? Export it to CSV format and import directly into the simulator. Columns: address, value, data type, byte order, description. Populates all registers in one click.
The most common source of confusion when working with Modbus holding registers is the offset between datasheet notation and the actual PDU address:
| Datasheet says | PDU address (send in request) | FC03 request example |
|---|---|---|
| 40001 | 0 (0x0000) | FC03, start=0, count=1 |
| 40002 | 1 (0x0001) | FC03, start=1, count=1 |
| 40100 | 99 (0x0063) | FC03, start=99, count=1 |
| 41000 | 999 (0x03E7) | FC03, start=999, count=1 |
Rule: PDU address = datasheet register number − 40001. ModbusSimulator.com shows both notations in the register grid — switch between 1-based and 0-based display with one click.
Set voltage (40001), current (40003), power (40005) as 32-bit floats in ABCD byte order — typical of Eastron SDM and Schneider iEM meters.
Simulate speed setpoint (40001), status word (40003), output frequency (40005) — test SCADA speed control and fault monitoring logic before the drive arrives.
Simulate process value (40001) and setpoint (40002) as INT16. Test your PLC's PID control loop reads the correct addresses before connecting the real controller.
Configure the simulator to match your device's register map. Connect Ignition, WinCC, or AVEVA and verify tags are bound to correct addresses with correct engineering unit scaling.
ModbusSimulator.com simulates all four Modbus register types in the same slave instance — holding registers (4x), input registers (3x), coils (0x), and discrete inputs (1x). One $99 license, one tool.
Both are 16-bit registers, but with different access permissions. Holding registers (4x) are read-write — a master can both read them (FC03) and write to them (FC06/FC16). Input registers (3x) are read-only — the master can only read them (FC04), the slave device sets the values internally (e.g., a sensor reading). In ModbusSimulator.com, you can set values in both types, but only holding registers respond to FC16 write requests.
Select two consecutive registers (e.g., 40001 and 40002), set the data type to "FLOAT32", enter the float value (e.g., 98.6), and choose the byte order matching your device's spec. The simulator automatically splits the value across both registers. Common byte orders: energy meters often use ABCD Big Endian; some Schneider devices use CDAB. Check the device register map document.
Most Modbus masters send address 0 in the FC03 request to read register 40001 (0-based addressing). Some masters use 1-based addressing and send address 1 for register 40001. ModbusSimulator.com defaults to 0-based (register 40001 = address 0). If your master sends address 1 for 40001, enable the "1-based addressing" option in the simulator settings.
Yes. You can configure the simulator to return FC03 exception code 02 (Illegal Data Address) for specific register ranges. This lets you test your master application's error handling for out-of-range addresses — without needing a real device that has the same restrictions.
All register types · FC03, FC06, FC16 · 32-bit float · TCP + RTU · Windows 10/11