#9
08-19-2005, 03:09
Messer
Maybe you could create an additional section. Then change the EP to this section. You can create a structured exception handler there. After you have done this, you can set int3s in the unpacking code and then jump back to the EP. You gain control of the code whenever an int3 is reached. Of course you could also place other illegal instructions like XOR EAX, EAX - MOV [EAX], EAX, but int3s are much smaller and you don't need to write so much code back. If the program creates structured exception handlers itself, it is much more difficult to find the right places to patch.

EDIT: It is also possible to change the values of the registers or on the stack.

Last edited by Messer; 08-20-2005 at 02:02.
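The section-plus-EP change described in the post leaves a visible trace in the PE headers: the entry point resolves into a section appended after the original ones. The following is an added example, not part of the post, that parses the section table and reports where the entry point lands; the function names and the header-only sample image are constructed for illustration, and "entry point in the last section" is a triage heuristic, not proof of patching.

```python
import struct

def parse_sections(pe: bytes):
    """Return (entry_point_rva, [(name, rva, vsize, characteristics), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections at nt+6, SizeOfOptionalHeader at nt+20
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    ep = struct.unpack_from("<I", pe, opt + 16)[0]        # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                     # 40-byte section headers
        name, vsize, rva = struct.unpack_from("<8sII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), rva, vsize, chars))
    return ep, sections

def entry_point_report(pe: bytes):
    """Say which section holds the EP and whether it is the appended (last) one."""
    ep, sections = parse_sections(pe)
    for idx, (name, rva, vsize, chars) in enumerate(sections):
        if rva <= ep < rva + vsize:
            last = idx > 0 and idx == len(sections) - 1
            return {"section": name, "index": idx, "in_last_section": last,
                    "executable": bool(chars & 0x20000000)}  # IMAGE_SCN_MEM_EXECUTE
    return {"section": None, "index": -1, "in_last_section": False, "executable": False}

def build_sample(ep_rva: int) -> bytes:
    """Constructed header-only image: .text, .data and an appended .stub section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H14xI", 0x10B, ep_rva).ljust(0xE0, b"\0")
    secs = b"".join(
        struct.pack("<8sII20xI", n, 0x1000, rva, c)       # name, vsize, rva, flags
        for n, rva, c in ((b".text", 0x1000, 0x60000020),
                          (b".data", 0x2000, 0xC0000040),
                          (b".stub", 0x3000, 0xE0000020)))
    return dos + b"PE\0\0" + coff + opt + secs

if __name__ == "__main__":
    print(entry_point_report(build_sample(0x1000)))       # original layout
    print(entry_point_report(build_sample(0x3010)))       # EP moved to appended section
```

Some legitimate packers and protectors also place the entry point outside the first section, so a hit here is a reason to look closer at the image, not a verdict.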