  #7  
Old 04-27-2004, 21:51
coolfires
 

When the program runs, the code from 6354F7 to 635590 will XOR the content from 635017 to 63546B with A9.

So, to make the prog jump to our injected code (e.g. jmp to 635741), in your unpacked file

006353B6 75 08 JNZ SHORT gdbnt.006353C0
006353B8 B8 01000000 MOV EAX,1
006353BD C2 0C00 RETN 0C

change to

006353B6 E9 86030000 JMP gdbnt1.00635741
006353BB 90 NOP
006353BC 90 NOP
006353BD C2 0C00 RETN 0C

So, we know 7 bytes need to be changed. XORing E9860300009090 (each byte) with A9 gives 402FAAA9A93939. Now, replace DCA111A8A9A9 with 402FAAA9A93939 at offset 6353B6 in the original file. Then you
may inject your code later (e.g. at 635741). The code we inject need not be XORed with A9 because it is not in the affected range (635017 to 63546B).

Hope this helps. Sorry for the poor English.
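As an added example, not code from the post or from the program it discusses, the model below reproduces the single-byte XOR layer described above and shows why such a layer gives no integrity protection: any byte inside the decoded range is recovered by XORing with the same key, and bytes outside the range are stored as-is. The image base, the zero-filled image and the inclusive range end are assumptions for the demo.

```python
# Model of a loader that XOR-decodes one code range with a one-byte key.
# Constants follow the post (range 635017..63546B, key A9); the image base,
# the image contents and the inclusive range end are constructed for the demo.

XOR_KEY = 0xA9
RANGE_START, RANGE_END = 0x635017, 0x63546B   # decoded at run time (end assumed inclusive)
IMAGE_BASE = 0x635000                          # constructed demo base address


def in_range(va: int) -> bool:
    return RANGE_START <= va <= RANGE_END


def decode_image(stored: bytes, base: int = IMAGE_BASE) -> bytes:
    """What the program's own decoding loop leaves in memory."""
    mem = bytearray(stored)
    for i in range(len(mem)):
        if in_range(base + i):
            mem[i] ^= XOR_KEY
    return bytes(mem)


def stored_form(va: int, wanted: bytes) -> bytes:
    """Bytes that must sit in the file at `va` so that, after the decoding
    loop runs, memory at `va` holds `wanted`. Decided per byte, so a sequence
    that straddles the range boundary is handled correctly."""
    return bytes(b ^ XOR_KEY if in_range(va + i) else b
                 for i, b in enumerate(wanted))


def apply_patch(stored: bytes, va: int, wanted: bytes, base: int = IMAGE_BASE) -> bytes:
    """Return a copy of the file image with the stored form of `wanted` at `va`."""
    off = va - base
    out = bytearray(stored)
    out[off:off + len(wanted)] = stored_form(va, wanted)
    return bytes(out)


def build_demo_image() -> bytes:
    """Constructed stored image: zero-filled, with the post's original
    JNZ / MOV / RETN sequence at 6353B6 stored the way the file stores it."""
    plain = bytearray(0x800)
    plain[0x3B6:0x3B6 + 7] = bytes.fromhex("7508B801000000")  # decoded (in-memory) form
    return stored_form(IMAGE_BASE, bytes(plain))               # encode the whole image per byte
```

Because XOR with a constant is its own inverse, `decode_image` applied to the stored image recovers exactly what the file encodes; a checksum or signature over the decoded code is what would actually detect a modified range.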